head 1.96; access; symbols pkgsrc-2013Q2:1.96.0.4 pkgsrc-2013Q2-base:1.96 pkgsrc-2012Q4:1.96.0.2 pkgsrc-2012Q4-base:1.96 pkgsrc-2012Q1:1.93.0.2 pkgsrc-2012Q1-base:1.93 pkgsrc-2011Q4:1.91.0.4 pkgsrc-2011Q4-base:1.91 pkgsrc-2011Q3:1.91.0.2 pkgsrc-2011Q3-base:1.91 pkgsrc-2011Q2:1.90.0.2 pkgsrc-2011Q2-base:1.90 pkgsrc-2011Q1:1.89.0.2 pkgsrc-2011Q1-base:1.89 pkgsrc-2010Q4:1.84.0.2 pkgsrc-2010Q4-base:1.84 pkgsrc-2010Q3:1.79.0.2 pkgsrc-2010Q3-base:1.79 pkgsrc-2010Q2:1.78.0.2 pkgsrc-2010Q2-base:1.78 pkgsrc-2010Q1:1.77.0.2 pkgsrc-2010Q1-base:1.77 pkgsrc-2009Q4:1.71.0.2 pkgsrc-2009Q4-base:1.71 pkgsrc-2009Q3:1.67.0.2 pkgsrc-2009Q3-base:1.67 pkgsrc-2009Q2:1.63.0.2 pkgsrc-2009Q2-base:1.63 pkgsrc-2009Q1:1.62.0.2 pkgsrc-2009Q1-base:1.62 pkgsrc-2008Q4:1.56.0.2 pkgsrc-2008Q4-base:1.56 pkgsrc-2008Q3:1.52.0.8 pkgsrc-2008Q3-base:1.52 cube-native-xorg:1.52.0.6 cube-native-xorg-base:1.52 pkgsrc-2008Q2:1.52.0.4 pkgsrc-2008Q2-base:1.52 cwrapper:1.52.0.2 pkgsrc-2008Q1:1.51.0.2 pkgsrc-2008Q1-base:1.51 pkgsrc-2007Q4:1.50.0.2 pkgsrc-2007Q4-base:1.50 pkgsrc-2007Q3:1.49.0.2 pkgsrc-2007Q3-base:1.49 pkgsrc-2007Q2:1.44.0.2 pkgsrc-2007Q2-base:1.44 pkgsrc-2007Q1:1.36.0.2 pkgsrc-2007Q1-base:1.36 pkgsrc-2006Q4:1.35.0.2 pkgsrc-2006Q4-base:1.35 pkgsrc-2006Q3:1.29.0.2 pkgsrc-2006Q3-base:1.29 pkgsrc-2006Q2:1.23.0.2 pkgsrc-2006Q2-base:1.23 pkgsrc-2006Q1:1.14.0.2 pkgsrc-2006Q1-base:1.14 pkgsrc-2005Q4:1.13.0.2 pkgsrc-2005Q4-base:1.13 pkgsrc-2005Q3:1.8.0.2 pkgsrc-2005Q3-base:1.8 pkgsrc-2005Q2:1.6.0.2 pkgsrc-2005Q2-base:1.6 pkgsrc-2005Q1:1.5.0.2 pkgsrc-2005Q1-base:1.5 pkgsrc-2004Q4:1.4.0.2 pkgsrc-2004Q4-base:1.4 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.96 date 2012.06.16.15.15.06; author taca; state dead; branches; next 1.95; 1.95 date 2012.06.05.08.58.36; author abs; state Exp; branches; next 1.94; 1.94 date 2012.05.13.16.09.52; author taca; state Exp; branches; next 1.93; 1.93 date 2012.02.02.15.47.13; author taca; state Exp; branches 1.93.2.1; next 1.92; 1.92 date 2012.02.02.15.44.21; author taca; state Exp; branches; next 1.91; 1.91 date 2011.08.20.14.50.51; author taca; state Exp; branches 1.91.4.1; next 1.90; 1.90 date 2011.06.15.14.41.16; author taca; state Exp; branches; next 1.89; 1.89 date 2011.03.21.16.34.28; author taca; state Exp; branches; next 1.88; 1.88 date 2011.03.21.16.08.29; author taca; state Exp; branches; next 1.87; 1.87 date 2011.02.21.16.26.49; author taca; state Exp; branches; next 1.86; 1.86 date 2011.02.21.16.21.17; author taca; state Exp; branches; next 1.85; 1.85 date 2011.01.13.13.52.53; author wiz; state Exp; branches; next 1.84; 1.84 date 2011.01.07.09.16.26; author taca; state Exp; branches 1.84.2.1; next 1.83; 1.83 date 2011.01.06.22.13.24; author jklos; state Exp; branches; next 1.82; 1.82 date 2010.12.16.14.20.45; author taca; state Exp; branches; next 1.81; 1.81 date 2010.12.13.13.15.45; author taca; state Exp; branches; next 1.80; 1.80 date 2010.11.25.03.44.16; author taca; state Exp; branches; next 1.79; 1.79 date 2010.07.24.22.23.15; author tron; state Exp; branches 1.79.2.1; next 1.78; 1.78 date 2010.06.13.22.44.51; author wiz; state Exp; branches 1.78.2.1; next 1.77; 1.77 date 2010.03.27.06.23.13; author taca; state Exp; branches; next 1.76; 1.76 date 2010.03.04.15.36.04; author taca; state Exp; branches; next 1.75; 1.75 date 2010.03.03.02.15.15; author taca; state Exp; branches; next 1.74; 1.74 date 2010.03.03.02.01.40; author taca; state Exp; branches; next 1.73; 1.73 date 2010.02.27.03.25.16; author taca; state Exp; branches; next 1.72; 1.72 date 2010.02.05.12.15.47; author obache; state Exp; branches; next 1.71; 1.71 date 2009.12.23.07.07.34; author taca; state Exp; branches 1.71.2.1; next 1.70; 1.70 date 2009.11.30.06.14.08; author taca; state Exp; branches; next 1.69; 1.69 date 2009.10.22.14.49.06; author taca; state Exp; branches; next 1.68; 1.68 date 2009.10.22.14.37.47; author taca; state Exp; branches; next 1.67; 1.67 date 2009.09.26.07.35.31; author taca; state Exp; branches 1.67.2.1; next 1.66; 1.66 date 2009.09.26.05.40.05; author taca; state Exp; branches; next 1.65; 1.65 date 2009.08.11.14.41.23; author taca; state Exp; branches; next 1.64; 1.64 date 2009.07.07.21.57.28; author jdolecek; state Exp; branches; next 1.63; 1.63 date 2009.06.26.21.56.40; author jdolecek; state Exp; branches 1.63.2.1; next 1.62; 1.62 date 2009.03.05.23.22.24; author adrianp; state Exp; branches; next 1.61; 1.61 date 2009.03.02.22.52.17; author adrianp; state Exp; branches; next 1.60; 1.60 date 2009.02.25.08.59.47; author sborrill; state Exp; branches; next 1.59; 1.59 date 2009.02.21.17.01.52; author adrianp; state Exp; branches; next 1.58; 1.58 date 2009.02.17.23.18.55; author adrianp; state Exp; branches; next 1.57; 1.57 date 2009.02.07.18.03.00; author adrianp; state Exp; branches; next 1.56; 1.56 date 2008.12.10.19.37.01; author adrianp; state Exp; branches 1.56.2.1; next 1.55; 1.55 date 2008.12.08.14.52.01; author adrianp; state Exp; branches; next 1.54; 1.54 date 2008.12.05.13.07.37; author adrianp; state Exp; branches; next 1.53; 1.53 date 2008.10.28.07.07.58; author adam; state Exp; branches; next 1.52; 1.52 date 2008.05.04.16.50.44; author adrianp; state Exp; branches; next 1.51; 1.51 date 2008.03.04.18.58.52; author sborrill; state Exp; branches 1.51.2.1; next 1.50; 1.50 date 2007.11.23.13.20.00; author adrianp; state Exp; branches; next 1.49; 1.49 date 2007.09.11.20.14.46; author jdolecek; state Exp; branches 1.49.2.1; next 1.48; 1.48 date 2007.09.04.23.39.31; author jdolecek; state Exp; branches; next 1.47; 1.47 date 2007.09.02.21.13.43; author jdolecek; state Exp; branches; next 1.46; 1.46 date 2007.09.02.21.12.41; author jdolecek; state Exp; branches; next 1.45; 1.45 date 2007.08.01.01.40.07; author taca; state Exp; branches; next 1.44; 1.44 date 2007.06.11.17.45.30; author heinz; state Exp; branches 1.44.2.1; next 1.43; 1.43 date 2007.06.08.12.29.53; author adrianp; state Exp; branches; next 1.42; 1.42 date 2007.06.07.10.45.42; author adrianp; state Exp; branches; next 1.41; 1.41 date 2007.06.06.19.33.13; author adrianp; state Exp; branches; next 1.40; 1.40 date 2007.05.06.20.07.36; author adrianp; state Exp; branches; next 1.39; 1.39 date 2007.05.06.13.08.33; author tron; state Exp; branches; next 1.38; 1.38 date 2007.04.29.12.30.18; author taca; state Exp; branches; next 1.37; 1.37 date 2007.04.28.22.05.50; author sborrill; state Exp; branches; next 1.36; 1.36 date 2007.02.20.20.46.20; author jdolecek; state Exp; branches 1.36.2.1; next 1.35; 1.35 date 2006.11.07.17.24.39; author tron; state Exp; branches 1.35.2.1; next 1.34; 1.34 date 2006.11.07.16.57.46; author tron; state Exp; branches; next 1.33; 1.33 date 2006.11.06.22.06.35; author jdolecek; state Exp; branches; next 1.32; 1.32 date 2006.11.04.11.27.55; author adrianp; state Exp; branches; next 1.31; 1.31 date 2006.11.01.11.33.34; author tron; state Exp; branches; next 1.30; 1.30 date 2006.10.22.13.19.19; author adrianp; state Exp; branches; next 1.29; 1.29 date 2006.08.28.12.17.10; author taca; state Exp; branches 1.29.2.1; next 1.28; 1.28 date 2006.08.19.16.50.44; author taca; state Exp; branches; next 1.27; 1.27 date 2006.08.19.16.44.15; author taca; state Exp; branches; next 1.26; 1.26 date 2006.08.10.05.57.09; author taca; state Exp; branches; next 1.25; 1.25 date 2006.07.18.21.57.30; author adrianp; state Exp; branches; next 1.24; 1.24 date 2006.07.08.00.53.09; author minskim; state Exp; branches; next 1.23; 1.23 date 2006.05.23.22.55.22; author jdolecek; state Exp; branches 1.23.2.1; next 1.22; 1.22 date 2006.05.17.06.20.00; author reed; state Exp; branches; next 1.21; 1.21 date 2006.05.16.19.54.02; author adrianp; state Exp; branches; next 1.20; 1.20 date 2006.05.07.09.41.56; author jdolecek; state Exp; branches; next 1.19; 1.19 date 2006.05.06.22.42.44; author jdolecek; state Exp; branches; next 1.18; 1.18 date 2006.04.22.10.54.53; author jdolecek; state Exp; branches; next 1.17; 1.17 date 2006.04.22.10.41.59; author jdolecek; state Exp; branches; next 1.16; 1.16 date 2006.04.22.10.27.05; author jdolecek; state Exp; branches; next 1.15; 1.15 date 2006.04.14.13.47.29; author cube; state Exp; branches; next 1.14; 1.14 date 2006.02.06.06.39.59; author martti; state Exp; branches 1.14.2.1; next 1.13; 1.13 date 2005.12.06.08.32.22; author jdolecek; state Exp; branches 1.13.2.1; next 1.12; 1.12 date 2005.12.04.12.02.08; author jdolecek; state Exp; branches; next 1.11; 1.11 date 2005.12.03.18.53.57; author jdolecek; state Exp; branches; next 1.10; 1.10 date 2005.10.16.12.17.47; author jdolecek; state Exp; branches; next 1.9; 1.9 date 2005.10.07.21.09.28; author jdolecek; state Exp; branches; next 1.8; 1.8 date 2005.09.08.18.49.01; author jdolecek; state Exp; branches; next 1.7; 1.7 date 2005.09.03.13.37.36; author adrianp; state Exp; branches; next 1.6; 1.6 date 2005.04.11.20.16.02; author jdolecek; state Exp; branches 1.6.2.1; next 1.5; 1.5 date 2005.02.24.09.03.10; author agc; state Exp; branches; next 1.4; 1.4 date 2004.12.17.07.53.06; author jdolecek; state Exp; branches; next 1.3; 1.3 date 2004.12.12.11.03.33; author jdolecek; state Exp; branches; next 1.2; 1.2 date 2004.10.31.21.14.54; author jdolecek; state Exp; branches; next 1.1; 1.1 date 2004.10.29.20.31.54; author jdolecek; state Exp; branches 1.1.1.1; next ; 1.93.2.1 date 2012.05.16.12.50.45; author tron; state Exp; branches; next ; 1.91.4.1 date 2012.02.14.09.48.13; author tron; state Exp; branches; next ; 1.84.2.1 date 2011.02.23.19.12.53; author tron; state Exp; branches; next 1.84.2.2; 1.84.2.2 date 2011.03.22.06.22.17; author sbd; state Exp; branches; next 1.84.2.3; 1.84.2.3 date 2011.03.22.06.31.55; author sbd; state Exp; branches; next ; 1.79.2.1 date 2010.12.23.10.10.54; author sbd; state Exp; branches; next 1.79.2.2; 1.79.2.2 date 2011.01.08.15.29.46; author tron; state Exp; branches; next ; 1.78.2.1 date 2010.07.25.11.56.16; author spz; state Exp; branches; next ; 1.71.2.1 date 2010.02.06.10.08.54; author spz; state Exp; branches; next 1.71.2.2; 1.71.2.2 date 2010.03.04.20.27.04; author tron; state Exp; branches; next ; 1.67.2.1 date 2009.10.22.21.25.08; author tron; state Exp; branches; next 1.67.2.2; 1.67.2.2 date 2009.11.30.23.10.20; author tron; state Exp; branches; next 1.67.2.3; 1.67.2.3 date 2009.12.23.19.09.51; author spz; state Exp; branches; next ; 1.63.2.1 date 2009.09.30.12.19.49; author tron; state Exp; branches; next ; 1.56.2.1 date 2009.02.26.13.43.59; author tron; state Exp; branches; next 1.56.2.2; 1.56.2.2 date 2009.02.26.13.49.24; author tron; state Exp; branches; next 1.56.2.3; 1.56.2.3 date 2009.03.15.19.21.22; author tron; state Exp; branches; next ; 1.51.2.1 date 2008.05.15.09.56.31; author rtr; state Exp; branches; next ; 1.49.2.1 date 2007.12.05.14.07.19; author ghen; state Exp; branches; next ; 1.44.2.1 date 2007.08.06.21.13.13; author ghen; state Exp; branches; next ; 1.36.2.1 date 2007.05.07.17.36.23; author ghen; state Exp; branches; next 1.36.2.2; 1.36.2.2 date 2007.05.15.23.42.39; author salo; state Exp; branches; next 1.36.2.3; 1.36.2.3 date 2007.06.14.23.34.08; author salo; state Exp; branches; next ; 1.35.2.1 date 2007.02.23.11.56.25; author ghen; state Exp; branches; next ; 1.29.2.1 date 2006.10.29.16.47.58; author ghen; state Exp; branches; next 1.29.2.2; 1.29.2.2 date 2006.11.04.16.25.31; author ghen; state Exp; branches; next ; 1.23.2.1 date 2006.07.23.16.17.02; author salo; state Exp; branches; next 1.23.2.2; 1.23.2.2 date 2006.08.10.07.19.25; author ghen; state Exp; branches; next 1.23.2.3; 1.23.2.3 date 2006.08.20.11.25.49; author ghen; state Exp; branches; next ; 1.14.2.1 date 2006.04.19.00.12.27; author salo; state Exp; branches; next ; 1.13.2.1 date 2006.02.15.14.12.20; author salo; state Exp; branches; next ; 1.6.2.1 date 2005.09.03.15.12.32; author salo; state Exp; branches; next ; 1.1.1.1 date 2004.10.29.20.31.54; author jdolecek; state Exp; branches; next ; desc @@ 1.96 log @Remove php5 (PHP 5.2.17), please migra to php53 or php54. @ text @$NetBSD: distinfo,v 1.95 2012/06/05 08:58:36 abs Exp $ SHA1 (php-5.2.17/php-5.2.17.tar.bz2) = d68f3b09f766990d815a3c4c63c157db8dab8095 RMD160 (php-5.2.17/php-5.2.17.tar.bz2) = 567fa8d718b93fb83a89494c83a8bec224ac99e9 Size (php-5.2.17/php-5.2.17.tar.bz2) = 9092312 bytes SHA1 (php-5.2.17/suhosin-patch-5.2.16-0.9.7.patch.gz) = fec10b2b81582d06bb0d0a96ea55c525afc8ab29 RMD160 (php-5.2.17/suhosin-patch-5.2.16-0.9.7.patch.gz) = b28b70faf136b3e04c5b483da0f4c2279378f43a Size (php-5.2.17/suhosin-patch-5.2.16-0.9.7.patch.gz) = 23069 bytes SHA1 (patch-aa) = 20bc3831e435182d014b11ae9f1f6c537a21af20 SHA1 (patch-af) = 68c5a31dccf1854ba1aff653e4c524767d6a64f6 SHA1 (patch-ag) = 5e3e822657925a77fbccaca63f283863a1cc6d94 SHA1 (patch-ah) = a25cb7fa3d1f5b9fb99493a4348fdba69d3d4728 SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc SHA1 (patch-al) = 257129124d46a84f7342b1a00f0cab073066e7cb SHA1 (patch-an) = 8f4174627b8cb5f8bfbc59413c95f71e26b9e602 SHA1 (patch-ap) = 5eb0e0e4244a993da93e36f8fcb5553454207fce SHA1 (patch-aq) = 0c9d48547da2fa80aa8357d23ad8505d1c0330df SHA1 (patch-ar) = 2d74ec926cc00bfbb67d16210af78c33ad9ac38d SHA1 (patch-as) = f7ce5caffe2acdd1f8e9fc8ae6c7ba1d8c6a25c1 SHA1 (patch-ext_exif_exif.c) = 0a6ab268751e633510cb6b334b1bdb84a014b528 SHA1 (patch-ext_shmop_shmop.c) = 6e11b87dd71ff26357b14b61df626c40b40a022d SHA1 (patch-ext_sockets_sockets.c) = f01eb6020450a62c305bdf59e12eeacbe8764be7 SHA1 (patch-ext_standard_basic__functions.c) = 897bee7703743a7bf6d6edfd0d7d22cf11eac0c2 SHA1 (patch-ext_zip_lib_zip__name__locate.c) = 4030e37ae4f93dbcb1a3a937a5407c2c406a49d6 SHA1 (patch-ext_zip_php__zip.c) = 134fa566a689d72d63a2fa0aa5c96c4595619089 SHA1 (patch-main_rfc1867.c) = 89a1a0e52402a8f8f1cc5b1ec007f5ab1ab69dc2 SHA1 (patch-main_snprintf.c) = cb112df0cadf84aaeee5987169a31460989995a8 SHA1 (patch-main_snprintf.h) = 86ae4c1c8ae9183254e9914cb56d3df999f719cf SHA1 (patch-main_spprintf.c) = 0fe0888b612402c41f040c8781df7f1a7ca66275 SHA1 (patch-main_streams_cast.c) = 0e69cad7d6451b18ec844cc8ea6d18eaf0748530 SHA1 (patch-sapi_cgi_cgi__main.c) = a88f29e80810a3c9d9d895051c9dd3c1da8099b8 @ 1.95 log @Work around VAX lack of FP INF @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.94 2012/05/13 16:09:52 taca Exp $ @ 1.94 log @Add fix for CVE-2012-1823. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.93 2012/02/02 15:47:13 taca Exp $ d23 1 @ 1.93 log @Remove none existing patch files. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.92 2012/02/02 15:44:21 taca Exp $ d30 1 @ 1.93.2.1 log @Pullup ticket #3788 - requested by taca lang/php5: security patch Revisions pulled up: - lang/php5/Makefile 1.88 - lang/php5/distinfo 1.94 - lang/php5/patches/patch-sapi_cgi_cgi__main.c 1.1 --- Module Name: pkgsrc Committed By: taca Date: Sun May 13 16:09:52 UTC 2012 Modified Files: pkgsrc/lang/php5: Makefile distinfo Added Files: pkgsrc/lang/php5/patches: patch-sapi_cgi_cgi__main.c Log Message: Add fix for CVE-2012-1823. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ a29 1 SHA1 (patch-sapi_cgi_cgi__main.c) = a88f29e80810a3c9d9d895051c9dd3c1da8099b8 @ 1.92 log @Trying to fix build problem on NetBSD current recently. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.91 2011/08/20 14:50:51 taca Exp $ a19 1 SHA1 (patch-ext_date_lib_parse__date.c) = da39a3ee5e6b4b0d3255bfef95601890afd80709 a20 1 SHA1 (patch-ext_pdo_pdo__sql__parser.c) = da39a3ee5e6b4b0d3255bfef95601890afd80709 a22 2 SHA1 (patch-ext_standard_url__scanner__ex.c) = da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA1 (patch-ext_standard_var__unserializer.c) = da39a3ee5e6b4b0d3255bfef95601890afd80709 @ 1.91 log @* Update distinfo with suhosin-patch. * Remove some junks. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.90 2011/06/15 14:41:16 taca Exp $ d20 1 d22 1 d25 2 d33 1 @ 1.91.4.1 log @Pullup ticket #3682 - requested by riz lang/php5: build fix Revisions pulled up: - lang/php5/distinfo 1.92-1.93 - lang/php5/patches/patch-main_streams_cast.c 1.1 --- Module Name: pkgsrc Committed By: taca Date: Thu Feb 2 15:44:22 UTC 2012 Modified Files: pkgsrc/lang/php5: distinfo Added Files: pkgsrc/lang/php5/patches: patch-main_streams_cast.c Log Message: Trying to fix build problem on NetBSD current recently. --- Module Name: pkgsrc Committed By: taca Date: Thu Feb 2 15:47:13 UTC 2012 Modified Files: pkgsrc/lang/php5: distinfo Log Message: Remove none existing patch files. @ text @d1 1 a1 1 $NetBSD$ a28 1 SHA1 (patch-main_streams_cast.c) = 0e69cad7d6451b18ec844cc8ea6d18eaf0748530 @ 1.90 log @Add two security fix, CVE-2011-1938 and filename-injection from PHP 5.3's repository. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.89 2011/03/21 16:34:28 taca Exp $ d6 3 a19 1 SHA1 (patch-ext_date_lib_parse__date.c) = da39a3ee5e6b4b0d3255bfef95601890afd80709 a20 1 SHA1 (patch-ext_pdo_pdo__sql__parser.c) = da39a3ee5e6b4b0d3255bfef95601890afd80709 a22 2 SHA1 (patch-ext_standard_url__scanner__ex.c) = da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA1 (patch-ext_standard_var__unserializer.c) = da39a3ee5e6b4b0d3255bfef95601890afd80709 @ 1.89 log @Apply changes by r308525 from PHP's repository to fix bug #54055 (buffer overrun with high values for precision ini setting). It fixes one of security fixes by PHP 5.3.6. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.88 2011/03/21 16:08:29 taca Exp $ d17 1 d19 1 d21 3 d26 1 @ 1.88 log @Add a patch to fix bug #54193 (Integer overflow in shmop_read()) referring r309018 from PHPs' repository. (CVE-2011-1092) Bump PKGREVISION of devel/php-shmop. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.87 2011/02/21 16:26:49 taca Exp $ d21 3 @ 1.87 log @Regen distinfo. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.86 2011/02/21 16:21:17 taca Exp $ a5 3 SHA1 (php-5.2.17/suhosin-patch-5.2.16-0.9.7.patch.gz) = fec10b2b81582d06bb0d0a96ea55c525afc8ab29 RMD160 (php-5.2.17/suhosin-patch-5.2.16-0.9.7.patch.gz) = b28b70faf136b3e04c5b483da0f4c2279378f43a Size (php-5.2.17/suhosin-patch-5.2.16-0.9.7.patch.gz) = 23069 bytes d18 1 @ 1.86 log @Re-enable suhosin patch as php53. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.85 2011/01/13 13:52:53 wiz Exp $ d20 3 @ 1.85 log @Update patches for png-1.5. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.84 2011/01/07 09:16:26 taca Exp $ d6 3 @ 1.84 log @Update php5 pacakge to 5.2.17. * patch-ab (Fix VAX floating point handling) is merge to PHP 5.2.17. 06 Jan 2010, PHP 5.2.17 - Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott, Rasmus) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.83 2011/01/06 22:13:24 jklos Exp $ a6 1 SHA1 (patch-ab) = feeb73834db284e8b3acabc11fb4c934837cb13f d11 1 a11 1 SHA1 (patch-al) = 3945eef039ed285e623273cdde4c51c4c6bc978b @ 1.84.2.1 log @Pullup ticket #3362 - requested by taca archivers/php-zip: security patch graphics/php-exif: security patch lang/php5: security patch lang/php53: security patch Revisions pulled up: - archivers/php-zip/Makefile 1.12-1.13 - graphics/php-exif/Makefile 1.9-1.10 - lang/php5/Makefile 1.82-1.83 - lang/php5/Makefile.php 1.43-1.44 - lang/php5/distinfo 1.86-1.87 - lang/php5/patches/patch-ext_exif_exif.c 1.1 - lang/php5/patches/patch-ext_zip_lib_zip__name__locate.c 1.1 - lang/php5/patches/patch-ext_zip_php__zip.c 1.1 - lang/php53/Makefile 1.7 - lang/php53/Makefile.php 1.5 - lang/php53/distinfo 1.12 - lang/php53/patches/patch-ext_exif_exif.c 1.1 - lang/php53/patches/patch-ext_zip_lib_zip__name__locate.c 1.1 - lang/php53/patches/patch-ext_zip_php__zip.c 1.1 --- Module Name: pkgsrc Committed By: shattered Date: Tue Feb 15 20:52:24 UTC 2011 Modified Files: pkgsrc/lang/php5: Makefile Makefile.php Log Message: Re-enable DL_AUTO_VARS -- makes PHP CLI work again with extensions that are linked to pthread (like mysql.so). --- Module Name: pkgsrc Committed By: taca Date: Mon Feb 21 16:21:17 UTC 2011 Modified Files: pkgsrc/lang/php5: Makefile.php distinfo Log Message: Re-enable suhosin patch as php53. --- Module Name: pkgsrc Committed By: taca Date: Mon Feb 21 16:23:58 UTC 2011 Modified Files: pkgsrc/lang/php53: Makefile.php Log Message: Re-enable DL_AUTO_VARS as php5 package. --- Module Name: pkgsrc Committed By: taca Date: Mon Feb 21 16:25:33 UTC 2011 Modified Files: pkgsrc/lang/php5: Makefile Added Files: pkgsrc/lang/php5/patches: patch-ext_exif_exif.c patch-ext_zip_lib_zip__name__locate.c patch-ext_zip_php__zip.c Log Message: Add patches to fix SA43328. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Mon Feb 21 16:26:50 UTC 2011 Modified Files: pkgsrc/lang/php5: distinfo Log Message: Regen distinfo. --- Module Name: pkgsrc Committed By: taca Date: Mon Feb 21 16:29:15 UTC 2011 Modified Files: pkgsrc/lang/php53: Makefile Log Message: Bump PKGREVISION for DL_AUTO_VARS. --- Module Name: pkgsrc Committed By: taca Date: Mon Feb 21 16:30:44 UTC 2011 Modified Files: pkgsrc/archivers/php-zip: Makefile pkgsrc/graphics/php-exif: Makefile Log Message: Bump PKGREVISION reflects fix of SA43328. --- Module Name: pkgsrc Committed By: taca Date: Mon Feb 21 16:38:40 UTC 2011 Modified Files: pkgsrc/lang/php53: distinfo Added Files: pkgsrc/lang/php53/patches: patch-ext_exif_exif.c patch-ext_zip_lib_zip__name__locate.c patch-ext_zip_php__zip.c Log Message: Oops, it should be commit before CHANGE-2011 update. Add Add patches to fix SA43328. --- Module Name: pkgsrc Committed By: taca Date: Tue Feb 22 07:36:08 UTC 2011 Modified Files: pkgsrc/archivers/php-zip: Makefile pkgsrc/graphics/php-exif: Makefile Log Message: Add missing USE_PHP_EXT_PATCHES to apply patches really. @ text @d1 1 a1 1 $NetBSD$ a5 3 SHA1 (php-5.2.17/suhosin-patch-5.2.16-0.9.7.patch.gz) = fec10b2b81582d06bb0d0a96ea55c525afc8ab29 RMD160 (php-5.2.17/suhosin-patch-5.2.16-0.9.7.patch.gz) = b28b70faf136b3e04c5b483da0f4c2279378f43a Size (php-5.2.17/suhosin-patch-5.2.16-0.9.7.patch.gz) = 23069 bytes a17 3 SHA1 (patch-ext_exif_exif.c) = 0a6ab268751e633510cb6b334b1bdb84a014b528 SHA1 (patch-ext_zip_lib_zip__name__locate.c) = 4030e37ae4f93dbcb1a3a937a5407c2c406a49d6 SHA1 (patch-ext_zip_php__zip.c) = 134fa566a689d72d63a2fa0aa5c96c4595619089 @ 1.84.2.2 log @Pullup ticket #3394 - requested by taca security fix for devel/php-shmop Revisions pulled up: - devel/php-shmop/Makefile 1.10 - lang/php5/distinfo 1.88 - lang/php5/patches/patch-ext_shmop_shmop.c 1.1 --- Module Name: pkgsrc Committed By: taca Date: Mon Mar 21 16:08:29 UTC 2011 Modified Files: pkgsrc/devel/php-shmop: Makefile pkgsrc/lang/php5: distinfo Added Files: pkgsrc/lang/php5/patches: patch-ext_shmop_shmop.c Log Message: Add a patch to fix bug #54193 (Integer overflow in shmop_read()) referring r309018 from PHPs' repository. (CVE-2011-1092) Bump PKGREVISION of devel/php-shmop. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.84.2.1 2011/02/23 19:12:53 tron Exp $ d6 3 a21 1 SHA1 (patch-ext_shmop_shmop.c) = 6e11b87dd71ff26357b14b61df626c40b40a022d @ 1.84.2.3 log @Pullup ticket #3393 - requested by taca security fix for lang/php5 Revisions pulled up: - lang/php5/Makefile 1.84 - lang/php5/distinfo 1.89 - lang/php5/patches/patch-main_snprintf.c 1.1 - lang/php5/patches/patch-main_snprintf.h 1.1 - lang/php5/patches/patch-main_spprintf.c 1.1 --- Module Name: pkgsrc Committed By: taca Date: Mon Mar 21 16:34:28 UTC 2011 Modified Files: pkgsrc/lang/php5: Makefile distinfo Added Files: pkgsrc/lang/php5/patches: patch-main_snprintf.c patch-main_snprintf.h patch-main_spprintf.c Log Message: Apply changes by r308525 from PHP's repository to fix bug #54055 (buffer overrun with high values for precision ini setting). It fixes one of security fixes by PHP 5.3.6. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.84.2.2 2011/03/22 06:22:17 sbd Exp $ a21 3 SHA1 (patch-main_snprintf.c) = cb112df0cadf84aaeee5987169a31460989995a8 SHA1 (patch-main_snprintf.h) = 86ae4c1c8ae9183254e9914cb56d3df999f719cf SHA1 (patch-main_spprintf.c) = 0fe0888b612402c41f040c8781df7f1a7ca66275 @ 1.83 log @Fix VAX floating point handling in zend_strtod.c. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.82 2010/12/16 14:20:45 taca Exp $ d3 3 a5 3 SHA1 (php-5.2.16/php-5.2.16.tar.bz2) = b4d11c6593614fa4ad8bf133f622208ee5e8e9af RMD160 (php-5.2.16/php-5.2.16.tar.bz2) = 2ab6de444af478f3b2b3a8a074c1656e8da0a4e1 Size (php-5.2.16/php-5.2.16.tar.bz2) = 9090930 bytes @ 1.82 log @Update php5 pacakge to 5.2.16: PHP 5.2.16 Released! The PHP development team would like to announce the immediate availability of PHP 5.2.16. This release marks the end of support for PHP 5.2. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3. This release focuses on addressing a regression in open_basedir implementation introduced in 5.2.15 in addition to fixing a crash inside PDO::pgsql on data retrieval when the server is down. All users who have upgraded to 5.2.15 and are utilizing open_basedir are strongly encouraged to upgrade to 5.2.16 or 5.3.4. To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a migration guide available on http://php.net/migration53, details the changes between PHP 5.2 and PHP 5.3. For a full list of changes in PHP 5.2.16 see the ChangeLog at http://www.php.net/ChangeLog-5.php#5.2.16. ChangeLog: Version 5.2.16 16-Dec-2010 * Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). (gyp at balabit dot hu) * Fixed bug #53516 (Regression in open_basedir handling). (Ilia) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.81 2010/12/13 13:15:45 taca Exp $ d7 1 @ 1.81 log @Update php5 package to 5.2.15 (PHP 5.2.15): The PHP development team would like to announce the immediate availability of PHP 5.2.15. This release marks the end of support for PHP 5.2. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3. This release focuses on improving the security and stability of the PHP 5.2.x branch with a small number, of predominatly security fixes. Security Enhancements and Fixes in PHP 5.2.15: * Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE. * Fixed crash in zip extract method (possible CWE-170). * Fixed a possible double free in imap extension. * Fixed possible flaw in open_basedir (CVE-2010-3436). * Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). * Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data). Key enhancements in PHP 5.2.15 include: * Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4). * Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy with SoapClient object). * To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a migration guide available on http://php.net/migration53, details the changes between PHP 5.2 and PHP 5.3. For a full list of changes in PHP 5.2.15 see the ChangeLog at http://www.php.net/ChangeLog-5.php#5.2.15. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.80 2010/11/25 03:44:16 taca Exp $ d3 3 a5 3 SHA1 (php-5.2.15/php-5.2.15.tar.bz2) = 91e6488a39a80e533f5d792fb8857cf10b0326ad RMD160 (php-5.2.15/php-5.2.15.tar.bz2) = cae061990527216e1d50352a22875807fdb79109 Size (php-5.2.15/php-5.2.15.tar.bz2) = 9089791 bytes @ 1.80 log @- CVE-2010-4150 (php-imap) http://svn.php.net/viewvc?view=revision&revision=305032 - CVE-2010-3710 (a part of SA41724) http://svn.php.net/viewvc?view=revision&revision=303885 - CVE-2010-3870 (a part of SA41724) http://svn.php.net/viewvc?view=revision&revision=305055 Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.79 2010/07/24 22:23:15 tron Exp $ d3 3 a5 6 SHA1 (php-5.2.14/php-5.2.14.tar.bz2) = 311b44b2c0f2eea8ab8dab876d2a6b6e7a55632e RMD160 (php-5.2.14/php-5.2.14.tar.bz2) = f699488f5b266a1c5e36df570c4d5896dc4e0aea Size (php-5.2.14/php-5.2.14.tar.bz2) = 9055945 bytes SHA1 (php-5.2.14/suhosin-patch-5.2.14-0.9.7.patch.gz) = 0a12d3589f9c26dc7d6b6452ef7987b2e6527a30 RMD160 (php-5.2.14/suhosin-patch-5.2.14-0.9.7.patch.gz) = bc7790cd36dc4101322684b754db3ca2d4385ba6 Size (php-5.2.14/suhosin-patch-5.2.14-0.9.7.patch.gz) = 23057 bytes a10 1 SHA1 (patch-ak) = d2b84d8b4b9014602d63cbeac7be63cd6da6f057 a16 2 SHA1 (patch-bf) = 97f5c544e5aa87cf8caff090b57efb02c8acc944 SHA1 (patch-bg) = 57b57e795463ae374687e5565899dffe2d5d4a01 @ 1.79 log @Update "php5" package to version 5.2.14. Changes since version 5.2.13: - Reverted bug fix #49521 (PDO fetchObject sets values before calling constructor). (Felipe) - Updated timezone database to version 2010.5. (Derick) - Upgraded bundled PCRE to version 8.02. (Ilia) - Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531). (Scott) - Fixed a possible interruption array leak in strrchr(). Reported by Péter Veres. (CVE-2010-2484) (Felipe) - Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). (Felipe) - Fixed a possible memory corruption in substr_replace() (Dmitry) - Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas) - Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan Esser (Ilia) - Reset error state in PDO::beginTransaction() reset error state. (Ilia) - Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) - Fixed handling of session variable serialization on certain prefix characters. Reported by Stefan Esser (Ilia) - Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. (Ilia) - Fixed a crash when calling an inexistent method of a class that inherits PDOStatement if instantiated directly instead of doing by the PDO methods. (Felipe) - Fixed bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64 bit)). (Adam) - Fixed bug #52238 (Crash when an Exception occured in iterator_to_array). (Johannes) - Fixed bug #52237 (Crash when passing the reference of the property of a non-object). (Dmitry) - Fixed bug #52163 (SplFileObject::fgetss() fails due to parameter that can't be set). (Felipe) - Fixed bug #52162 (custom request header variables with numbers are removed). (Sriram Natarajan) - Fixed bug #52160 (Invalid E_STRICT redefined constructor error). (Felipe) - Fixed bug #52061 (memory_limit above 2G). (Felipe) - Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function). (Dmitry) - Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at debian dot org, Kalle) - Fixed bug #52019 (make lcov doesn't support TESTS variable anymore). (Patrick) - Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command). (Ilia, Felipe) - Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle, coreystup at gmail dot com) - Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with constant array). (Felipe) - Fixed bug #51905 (ReflectionParameter fails if default value is an array with an access to self::). (Felipe) - Fixed bug #51822 (Segfault with strange __destruct() for static class variables). (Dmitry) - Fixed bug #51671 (imagefill does not work correctly for small images). (Pierre) - Fixed bug #51670 (getColumnMeta causes segfault when re-executing query after calling nextRowset). (Pierrick) - Fixed bug #51629 (CURLOPT_FOLLOWLOCATION error message is misleading). (Pierre) - Fixed bug #51617 (PDO PGSQL still broken against PostGreSQL < 7.4). (Felipe, wdierkes at 5dollarwhitebox dot org) - Fixed bug #51615 (PHP crash with wrong HTML in SimpleXML). (Felipe) - Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter). (Felipe) - Fixed bug #51608 (pg_copy_to: WARNING: nonstandard use of \\ in a string literal). (cbandy at jbandy dot com) - Fixed bug #51607 (pg_copy_from does not allow schema in the tablename argument). (cbandy at jbandy dot com) - Fixed bug #51604 (newline in end of header is shown in start of message). (Daniel Egeberg) - Fixed bug #51562 (query timeout in mssql can not be changed per query). (ejsmont dot artur at gmail dot com) - Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues). (Dmitry) - Fixed bug #51532 (Wrong prototype for SplFileObject::fscanf()). (Etienne) - Fixed bug #51445 (var_dump() invalid/slow *RECURSION* detection). (Felipe) - Fixed bug #51393 (DateTime::createFromFormat() fails if format string contains timezone). (Adam) - Fixed bug #51374 (Wrongly initialized object properties). (Etienne) - Fixed bug #51338 (URL-Rewriter is still enabled if use_only_cookies is on). (Ilia, j dot jeising at gmail dot com) - Fixed bug #51273 (Faultstring property does not exist when the faultstring is empty) (Ilia, dennis at transip dot nl) - Fixed bug #51269 (zlib.output_compression Overwrites Vary Header). (Adam) - Fixed bug #51263 (imagettftext and rotated text uses wrong baseline) (cschneid at cschneid dot com, Takeshi Abe) - Fixed bug #51237 (milter SAPI crash on startup). (igmar at palsenberg dot com) - Fixed bug #51213 (pdo_mssql is trimming value of the money column). (Ilia, alexr at oplot dot com) - Fixed bug #51192 (FILTER_VALIDATE_URL will invalidate a hostname that includes '-'). (Adam, solar at azrael dot ws). - Fixed bug #51190 (ftp_put() returns false when transfer was successful). (Ilia) - Fixed bug #51183 (ext/date/php_date.c fails to compile with Sun Studio). (Sriram Natarajan) - Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when an invalid option is provided). (Ilia) - Fixed bug #51128 (imagefill() doesn't work with large images). (Pierre) - Fixed bug #51086 (DBA DB4 doesn't work with Berkeley DB 4.8). (Chris Jones) - Fixed bug #51062 (DBA DB4 uses mismatched headers and libraries). (Chris Jones) - Fixed bug #51023 (filter doesn't detect int overflows with GCC 4.4). (Raphael Geissert) - Fixed bug #50762 (in WSDL mode Soap Header handler function only being called if defined in WSDL). (mephius at gmail dot com) - Fixed bug #50698 (SoapClient should handle wsdls with some incompatiable endpoints). (Justin Dearing) - Fixed bug #50383 (Exceptions thrown in __call() / __callStatic() do not include file and line in trace). (Felipe) - Fixed bug #49730 (Firebird - new PDO() returns NULL). (Felipe) - Fixed bug #49723 (LimitIterator with empty SeekableIterator). (Etienne) - Fixed bug #49576 (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus) - Fixed bug #49320 (PDO returns null when SQLite connection fails). (Felipe) - Fixed bug #49267 (Linking fails for iconv). (Moriyosh) - Fixed bug #48601 (xpath() returns FALSE for legitimate query). (Rob) - Fixed bug #48289 (iconv_mime_encode() quoted-printable scheme is broken). (Adam, patch from hiroaki dot kawai at gmail dot com). - Fixed bug #43314 (iconv_mime_encode(), broken Q scheme). (Rasmus) - Fixed bug #33210 (getimagesize() fails to detect width/height on certain JPEGs). (Ilia) - Fixed bug #23229 (syslog() truncates messages). (Adam) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.78 2010/06/13 22:44:51 wiz Exp $ d14 1 d21 2 @ 1.79.2.1 log @Pullup ticket #3312 - requested by taca pkgsrc/lang/{php5,php53} security fixes Revisions pulled up: - pkgsrc/databases/php-mysql/Makefile 1.14 - pkgsrc/databases/php-mysqli/Makefile 1.3 - pkgsrc/databases/php-pdo_mysql/Makefile 1.12 - pkgsrc/lang/php5/Makefile 1.80, 1.81 - pkgsrc/lang/php5/Makefile.common 1.43, 1.44 - pkgsrc/lang/php5/distinfo 1.80, 1.81, 1.82 - pkgsrc/lang/php5/patches/patch-ak 1.8, deleted - pkgsrc/lang/php5/patches/patch-bf 1.1, deleted - pkgsrc/lang/php5/patches/patch-bg 1.1, deleted - pkgsrc/lang/php53/Makefile 1.5, 1.6 - pkgsrc/lang/php53/Makefile.common 1.3 - pkgsrc/lang/php53/distinfo 1.7, 1.8 - pkgsrc/lang/php53/patches/patch-ab 1.3 - pkgsrc/lang/php53/patches/patch-am 1.1, deleted - pkgsrc/lang/php53/patches/patch-an 1.1, deleted - pkgsrc/lang/php53/patches/patch-ao 1.1, deleted - pkgsrc/lang/php53/patches/patch-ap 1.1, deleted - pkgsrc/lang/php53/patches/patch-aq 1.1, deleted - pkgsrc/mail/php-imap/Makefile 1.21, 1.22 - pkgsrc/www/ap-php/Makefile 1.24 - pkgsrc/www/php-eaccelerator/Makefile 1.13 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu Nov 25 03:43:50 UTC 2010 Modified Files: pkgsrc/lang/php53: Makefile distinfo Added Files: pkgsrc/lang/php53/patches: patch-am patch-an patch-ao patch-ap patch-aq Log Message: - GC bug fix: http://svn.php.net/viewvc?view=revision&revision=303016 - CVE-2010-3710 (a part of SA41724) http://svn.php.net/viewvc?view=revision&revision=303779 - CVE-2010-3870 (a part of SA41724) http://svn.php.net/viewvc?view=revision&revision=304959 - CVE-2010-4150 (php-imap) http://svn.php.net/viewvc?view=revision&revision=305032 - CVE-2010-4156 (SA42135) http://svn.php.net/viewvc?view=revision&revision=305214 Bump PKGREVISION. ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu Nov 25 03:44:16 UTC 2010 Modified Files: pkgsrc/lang/php5: Makefile distinfo Added Files: pkgsrc/lang/php5/patches: patch-ak patch-bf patch-bg Log Message: - CVE-2010-4150 (php-imap) http://svn.php.net/viewvc?view=revision&revision=305032 - CVE-2010-3710 (a part of SA41724) http://svn.php.net/viewvc?view=revision&revision=303885 - CVE-2010-3870 (a part of SA41724) http://svn.php.net/viewvc?view=revision&revision=305055 Bump PKGREVISION. ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu Nov 25 03:45:19 UTC 2010 Modified Files: pkgsrc/mail/php-imap: Makefile Log Message: Bump REVISION since CVE-2010-4150 fix was added. ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Mon Dec 13 13:15:46 UTC 2010 Modified Files: pkgsrc/lang/php5: Makefile Makefile.common distinfo Removed Files: pkgsrc/lang/php5/patches: patch-ak patch-bf patch-bg Log Message: Update php5 package to 5.2.15 (PHP 5.2.15): The PHP development team would like to announce the immediate availability of PHP 5.2.15. This release marks the end of support for PHP 5.2. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3. This release focuses on improving the security and stability of the PHP 5.2.x branch with a small number, of predominatly security fixes. Security Enhancements and Fixes in PHP 5.2.15: * Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE. * Fixed crash in zip extract method (possible CWE-170). * Fixed a possible double free in imap extension. * Fixed possible flaw in open_basedir (CVE-2010-3436). * Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). * Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data). Key enhancements in PHP 5.2.15 include: * Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4). * Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy with SoapClient object). * To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a migration guide available on http://php.net/migration53, details the changes between PHP 5.2 and PHP 5.3. For a full list of changes in PHP 5.2.15 see the ChangeLog at http://www.php.net/ChangeLog-5.php#5.2.15. ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Mon Dec 13 13:16:37 UTC 2010 Modified Files: pkgsrc/lang/php53: Makefile Makefile.common distinfo pkgsrc/lang/php53/patches: patch-ab Removed Files: pkgsrc/lang/php53/patches: patch-am patch-an patch-ao patch-ap patch-aq Log Message: Update lang/php53 package to 5.3.4 (PHP 5.3.4). The PHP development team is proud to announce the immediate release of PHP 5.3.4. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes. Security Enhancements and Fixes in PHP 5.3.4: * Fixed crash in zip extract method (possible CWE-170). * Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243). * Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). * Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). * Fixed possible flaw in open_basedir (CVE-2010-3436). * Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). * Fixed symbolic resolution support when the target is a DFS share. * Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710). Key Bug Fixes in PHP 5.3.4 include: * Added stat support for zip stream. * Added follow_location (enabled by default) option for the http stream support. * Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al. * Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime. * Multiple improvements to the FPM SAPI. * Over 100 other bug fixes. For users upgrading from PHP 5.2 there is a migration guide available here, detailing the changes between those releases and PHP 5.3. For a full list of changes in PHP 5.3.4, see the ChangeLog. For source downloads please visit our downloads page, Windows binaries can be found on windows.php.net/download/. ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Mon Dec 13 13:18:20 UTC 2010 Modified Files: pkgsrc/databases/php-mysql: Makefile pkgsrc/databases/php-mysqli: Makefile pkgsrc/databases/php-pdo_mysql: Makefile pkgsrc/mail/php-imap: Makefile pkgsrc/www/ap-php: Makefile pkgsrc/www/php-eaccelerator: Makefile Log Message: Reset PKGREVISION by update of base PHP version. ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu Dec 16 14:20:45 UTC 2010 Modified Files: pkgsrc/lang/php5: Makefile.common distinfo Log Message: Update php5 pacakge to 5.2.16: PHP 5.2.16 Released! The PHP development team would like to announce the immediate availability of PHP 5.2.16. This release marks the end of support for PHP 5.2. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3. This release focuses on addressing a regression in open_basedir implementation introduced in 5.2.15 in addition to fixing a crash inside PDO::pgsql on data retrieval when the server is down. All users who have upgraded to 5.2.15 and are utilizing open_basedir are strongly encouraged to upgrade to 5.2.16 or 5.3.4. To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a migration guide available on http://php.net/migration53, details the changes between PHP 5.2 and PHP 5.3. For a full list of changes in PHP 5.2.16 see the ChangeLog at http://www.php.net/ChangeLog-5.php#5.2.16. ChangeLog: Version 5.2.16 16-Dec-2010 * Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). (gyp at balabit dot hu) * Fixed bug #53516 (Regression in open_basedir handling). (Ilia) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.82 2010/12/16 14:20:45 taca Exp $ d3 6 a8 3 SHA1 (php-5.2.16/php-5.2.16.tar.bz2) = b4d11c6593614fa4ad8bf133f622208ee5e8e9af RMD160 (php-5.2.16/php-5.2.16.tar.bz2) = 2ab6de444af478f3b2b3a8a074c1656e8da0a4e1 Size (php-5.2.16/php-5.2.16.tar.bz2) = 9090930 bytes @ 1.79.2.2 log @Pullup ticket #3319 - requested by taca lang/php5: security update lang/php53: security update Revisions pulled up: - lang/php5/Makefile.common 1.45 - lang/php5/distinfo 1.83 - lang/php5/distinfo 1.84 - lang/php5/patches/patch-ab 1.6 - lang/php5/patches/patch-ab delete - lang/php53/Makefile.common 1.4 - lang/php53/distinfo 1.9 - lang/php53/patches/patch-ar 1.1 --- Module Name: pkgsrc Committed By: jklos Date: Thu Jan 6 22:13:24 UTC 2011 Modified Files: pkgsrc/lang/php5: distinfo Added Files: pkgsrc/lang/php5/patches: patch-ab Log Message: Fix VAX floating point handling in zend_strtod.c. --- Module Name: pkgsrc Committed By: taca Date: Fri Jan 7 09:16:28 UTC 2011 Modified Files: pkgsrc/lang/php5: Makefile.common distinfo Removed Files: pkgsrc/lang/php5/patches: patch-ab Log Message: Update php5 pacakge to 5.2.17. * patch-ab (Fix VAX floating point handling) is merge to PHP 5.2.17. 06 Jan 2010, PHP 5.2.17 - Fixed Bug #53632 (infinite loop with x87 fpu). (CVE-2010-4645) (Scott, Rasmus) --- Module Name: pkgsrc Committed By: taca Date: Fri Jan 7 09:20:16 UTC 2011 Modified Files: pkgsrc/lang/php53: Makefile.common distinfo Added Files: pkgsrc/lang/php53/patches: patch-ar Log Message: Update php53 pacakge to 5.3.5. * Add fix for VAX floating point handling (Bug #53682), r307192 from PHP's repositry. (It is in PHP 5.2.17 but not in 5.3.5). 06 Jan 2011, PHP 5.3.5 - Fixed Bug #53632 (infinite loop with x87 fpu). (Scott, Rasmus) @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 SHA1 (php-5.2.17/php-5.2.17.tar.bz2) = d68f3b09f766990d815a3c4c63c157db8dab8095 RMD160 (php-5.2.17/php-5.2.17.tar.bz2) = 567fa8d718b93fb83a89494c83a8bec224ac99e9 Size (php-5.2.17/php-5.2.17.tar.bz2) = 9092312 bytes a6 1 SHA1 (patch-ab) = feeb73834db284e8b3acabc11fb4c934837cb13f @ 1.78 log @Bump PKGREVISION for libpng shlib name change. Also add some patches to remove use of deprecated symbols and fix other problems when looking for or compiling against libpng-1.4.x. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.77 2010/03/27 06:23:13 taca Exp $ d3 6 a8 6 SHA1 (php-5.2.13/php-5.2.13.tar.bz2) = 7127a21f1b493e3cd43f45cadecdb46b623eb1fb RMD160 (php-5.2.13/php-5.2.13.tar.bz2) = 9e21d32a7b757d25ed827834b26235ea1eebfcc8 Size (php-5.2.13/php-5.2.13.tar.bz2) = 9084518 bytes SHA1 (php-5.2.13/suhosin-patch-5.2.13-0.9.7.patch.gz) = e2faf8db2d7facbd44cee2f737ce87732835d341 RMD160 (php-5.2.13/suhosin-patch-5.2.13-0.9.7.patch.gz) = 63a022a5bf0fb8c6688f4c0ebcfaa8a437ea6935 Size (php-5.2.13/suhosin-patch-5.2.13-0.9.7.patch.gz) = 22989 bytes a19 1 SHA1 (patch-be) = 6388d13d4e9f7ebf7b9a2cf6c096b85df44a648b @ 1.78.2.1 log @Pullup ticket 3184 - requested by tron security updates Revisions pulled up: - pkgsrc/lang/php5/Makefile 1.79 - pkgsrc/lang/php5/distinf 1.79 - pkgsrc/lang/php5/Makefile.common 1.42 - pkgsrc/lang/php5/Makefile.ph 1.42 - pkgsrc/lang/php53/Makefile 1.4 - pkgsrc/lang/php53/Makefile.common 1.2 - pkgsrc/lang/php53/Makefile.php 1.3 - pkgsrc/lang/php53/distinfo 1.6 - pkgsrc/lang/php53/patches/patch-ab 1.2 - pkgsrc/converters/php-mbstring/Makefile 1.2 - pkgsrc/devel/php-gmp/Makefile 1.12 - pkgsrc/graphics/php-gd/Makefile 1.24 - pkgsrc/multimedia/php-ming/Makefile 1.11 - pkgsrc/net/php-xmlrpc/Makefile 1.13 - pkgsrc/net/php-yaz/Makefile 1.9 - pkgsrc/print/php-pdflib/Makefile 1.17 Files deleted: pkgsrc/lang/php5/patches/patch-be pkgsrc/lang/php53/patches/patch-ak ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Sat Jul 24 22:23:15 UTC 2010 Modified Files: pkgsrc/lang/php5: Makefile Makefile.common Makefile.php distinfo Removed Files: pkgsrc/lang/php5/patches: patch-be Log Message: Update "php5" package to version 5.2.14. Changes since version 5.2.13: - Reverted bug fix #49521 (PDO fetchObject sets values before calling constructor). (Felipe) - Updated timezone database to version 2010.5. (Derick) - Upgraded bundled PCRE to version 8.02. (Ilia) - Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531). (Scott) - Fixed a possible interruption array leak in strrchr(). Reported by P??ter Veres. (CVE-2010-2484) (Felipe) - Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). (Felipe) - Fixed a possible memory corruption in substr_replace() (Dmitry) - Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas) - Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan Esser (Ilia) - Reset error state in PDO::beginTransaction() reset error state. (Ilia) - Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) - Fixed handling of session variable serialization on certain prefix characters. Reported by Stefan Esser (Ilia) - Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. (Ilia) - Fixed a crash when calling an inexistent method of a class that inherits PDOStatement if instantiated directly instead of doing by the PDO methods. (Felipe) - Fixed bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64 bit)). (Adam) - Fixed bug #52238 (Crash when an Exception occured in iterator_to_array). (Johannes) - Fixed bug #52237 (Crash when passing the reference of the property of a non-object). (Dmitry) - Fixed bug #52163 (SplFileObject::fgetss() fails due to parameter that can't be set). (Felipe) - Fixed bug #52162 (custom request header variables with numbers are removed). (Sriram Natarajan) - Fixed bug #52160 (Invalid E_STRICT redefined constructor error). (Felipe) - Fixed bug #52061 (memory_limit above 2G). (Felipe) - Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function). (Dmitry) - Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at debian dot org, Kalle) - Fixed bug #52019 (make lcov doesn't support TESTS variable anymore). (Patrick) - Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command). (Ilia, Felipe) - Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle, coreystup at gmail dot com) - Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with constant array). (Felipe) - Fixed bug #51905 (ReflectionParameter fails if default value is an array with an access to self::). (Felipe) - Fixed bug #51822 (Segfault with strange __destruct() for static class variables). (Dmitry) - Fixed bug #51671 (imagefill does not work correctly for small images). (Pierre) - Fixed bug #51670 (getColumnMeta causes segfault when re-executing query after calling nextRowset). (Pierrick) - Fixed bug #51629 (CURLOPT_FOLLOWLOCATION error message is misleading). (Pierre) - Fixed bug #51617 (PDO PGSQL still broken against PostGreSQL < 7.4). (Felipe, wdierkes at 5dollarwhitebox dot org) - Fixed bug #51615 (PHP crash with wrong HTML in SimpleXML). (Felipe) - Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter). (Felipe) - Fixed bug #51608 (pg_copy_to: WARNING: nonstandard use of \\ in a string literal). (cbandy at jbandy dot com) - Fixed bug #51607 (pg_copy_from does not allow schema in the tablename argument). (cbandy at jbandy dot com) - Fixed bug #51604 (newline in end of header is shown in start of message). (Daniel Egeberg) - Fixed bug #51562 (query timeout in mssql can not be changed per query). (ejsmont dot artur at gmail dot com) - Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues). (Dmitry) - Fixed bug #51532 (Wrong prototype for SplFileObject::fscanf()). (Etienne) - Fixed bug #51445 (var_dump() invalid/slow *RECURSION* detection). (Felipe) - Fixed bug #51393 (DateTime::createFromFormat() fails if format string contains timezone). (Adam) - Fixed bug #51374 (Wrongly initialized object properties). (Etienne) - Fixed bug #51338 (URL-Rewriter is still enabled if use_only_cookies is on). (Ilia, j dot jeising at gmail dot com) - Fixed bug #51273 (Faultstring property does not exist when the faultstring is empty) (Ilia, dennis at transip dot nl) - Fixed bug #51269 (zlib.output_compression Overwrites Vary Header). (Adam) - Fixed bug #51263 (imagettftext and rotated text uses wrong baseline) (cschneid at cschneid dot com, Takeshi Abe) - Fixed bug #51237 (milter SAPI crash on startup). (igmar at palsenberg dot com) - Fixed bug #51213 (pdo_mssql is trimming value of the money column). (Ilia, alexr at oplot dot com) - Fixed bug #51192 (FILTER_VALIDATE_URL will invalidate a hostname that includes '-'). (Adam, solar at azrael dot ws). - Fixed bug #51190 (ftp_put() returns false when transfer was successful). (Ilia) - Fixed bug #51183 (ext/date/php_date.c fails to compile with Sun Studio). (Sriram Natarajan) - Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when an invalid option is provided). (Ilia) - Fixed bug #51128 (imagefill() doesn't work with large images). (Pierre) - Fixed bug #51086 (DBA DB4 doesn't work with Berkeley DB 4.8). (Chris Jones) - Fixed bug #51062 (DBA DB4 uses mismatched headers and libraries). (Chris Jones) - Fixed bug #51023 (filter doesn't detect int overflows with GCC 4.4). (Raphael Geissert) - Fixed bug #50762 (in WSDL mode Soap Header handler function only being called if defined in WSDL). (mephius at gmail dot com) - Fixed bug #50698 (SoapClient should handle wsdls with some incompatiable endpoints). (Justin Dearing) - Fixed bug #50383 (Exceptions thrown in __call() / __callStatic() do not include file and line in trace). (Felipe) - Fixed bug #49730 (Firebird - new PDO() returns NULL). (Felipe) - Fixed bug #49723 (LimitIterator with empty SeekableIterator). (Etienne) - Fixed bug #49576 (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus) - Fixed bug #49320 (PDO returns null when SQLite connection fails). (Felipe) - Fixed bug #49267 (Linking fails for iconv). (Moriyosh) - Fixed bug #48601 (xpath() returns FALSE for legitimate query). (Rob) - Fixed bug #48289 (iconv_mime_encode() quoted-printable scheme is broken). (Adam, patch from hiroaki dot kawai at gmail dot com). - Fixed bug #43314 (iconv_mime_encode(), broken Q scheme). (Rasmus) - Fixed bug #33210 (getimagesize() fails to detect width/height on certain JPEGs). (Ilia) - Fixed bug #23229 (syslog() truncates messages). (Adam) To generate a diff of this commit: cvs rdiff -u -r1.78 -r1.79 pkgsrc/lang/php5/Makefile \ pkgsrc/lang/php5/distinfo cvs rdiff -u -r1.41 -r1.42 pkgsrc/lang/php5/Makefile.common \ pkgsrc/lang/php5/Makefile.php cvs rdiff -u -r1.1 -r0 pkgsrc/lang/php5/patches/patch-be ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Sat Jul 24 22:23:37 UTC 2010 Modified Files: pkgsrc/lang/php53: Makefile Makefile.common Makefile.php distinfo pkgsrc/lang/php53/patches: patch-ab Removed Files: pkgsrc/lang/php53/patches: patch-ak Log Message: Update "php53" package to version 5.3.3. Changes since version 5.3.2: - Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531). (Scott) - Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) - Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas) - A large number of not security related bug fixes To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/php53/Makefile cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/lang/php53/Makefile.common cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/php53/Makefile.php cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/php53/distinfo cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/lang/php53/patches/patch-ab cvs rdiff -u -r1.1 -r0 pkgsrc/lang/php53/patches/patch-ak ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Sat Jul 24 22:24:22 UTC 2010 Modified Files: pkgsrc/converters/php-mbstring: Makefile pkgsrc/devel/php-gmp: Makefile pkgsrc/graphics/php-gd: Makefile pkgsrc/multimedia/php-ming: Makefile pkgsrc/net/php-xmlrpc: Makefile pkgsrc/net/php-yaz: Makefile pkgsrc/print/php-pdflib: Makefile Log Message: Revert revision of several PHP extensions after both core PHP packages were updated. To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/converters/php-mbstring/Makefile cvs rdiff -u -r1.11 -r1.12 pkgsrc/devel/php-gmp/Makefile cvs rdiff -u -r1.23 -r1.24 pkgsrc/graphics/php-gd/Makefile cvs rdiff -u -r1.10 -r1.11 pkgsrc/multimedia/php-ming/Makefile cvs rdiff -u -r1.12 -r1.13 pkgsrc/net/php-xmlrpc/Makefile cvs rdiff -u -r1.8 -r1.9 pkgsrc/net/php-yaz/Makefile cvs rdiff -u -r1.16 -r1.17 pkgsrc/print/php-pdflib/Makefile @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.79 2010/07/24 22:23:15 tron Exp $ d3 6 a8 6 SHA1 (php-5.2.14/php-5.2.14.tar.bz2) = 311b44b2c0f2eea8ab8dab876d2a6b6e7a55632e RMD160 (php-5.2.14/php-5.2.14.tar.bz2) = f699488f5b266a1c5e36df570c4d5896dc4e0aea Size (php-5.2.14/php-5.2.14.tar.bz2) = 9055945 bytes SHA1 (php-5.2.14/suhosin-patch-5.2.14-0.9.7.patch.gz) = 0a12d3589f9c26dc7d6b6452ef7987b2e6527a30 RMD160 (php-5.2.14/suhosin-patch-5.2.14-0.9.7.patch.gz) = bc7790cd36dc4101322684b754db3ca2d4385ba6 Size (php-5.2.14/suhosin-patch-5.2.14-0.9.7.patch.gz) = 23057 bytes d20 1 @ 1.77 log @Add patch for php-xmlrpc to fix CVE-2010-0397 security problem. These patch are created from r296152 and r296153 from svn from PHP. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.76 2010/03/04 15:36:04 taca Exp $ d14 1 a14 1 SHA1 (patch-al) = 0ee37782cc0d3bf5ede1a583de0589c2c1316b50 @ 1.76 log @Update suhosin patch for PHP 5.2.13. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.75 2010/03/03 02:15:15 taca Exp $ d20 1 @ 1.75 log @Oops, previous patch's path was wrong and corrected now. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.74 2010/03/03 02:01:40 taca Exp $ d6 3 @ 1.74 log @Fix php-gmp build problem with gmp-5.0.1 and later refering http://svn.php.net/viewvc?view=revision&revision=295402. No PKGREVISION bump since it is only build problem fix. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.73 2010/02/27 03:25:16 taca Exp $ d7 1 a7 1 SHA1 (patch-af) = 716a7905491d4c08bc3fcaeb267f777963279d76 @ 1.73 log @Update php5 package to 5.2.13. 25 Feb 2010, PHP 5.2.13 - Updated timezone database to version 2010.2. (Derick) - Upgraded bundled PCRE to version 7.9. (Ilia) - Removed automatic file descriptor unlocking happening on shutdown and/or stream close (on all OSes excluding Windows). (Tony, Ilia) - Changed tidyNode class to disallow manual node creation. (Pierrick) - Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL. (Ilia) - Improved LCG entropy. (Rasmus, Samy Kamkar) - Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen) - Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak. (Ilia) - Fixed bug in bundled libgd causing spurious horizontal lines drawn by gdImageFilledPolygon (libgd #100). (Takeshi Abe) - Fixed build of mysqli with MySQL 5.5.0-m2. (Andrey) - Fixed bug #50940 Custom content-length set incorrectly in Apache sapis. (Brian France, Rasmus) - Fixed bug #50930 (Wrong date by php_date.c patch with ancient gcc/glibc versions). (Derick) - Fixed bug #50859 (build fails with openssl 1.0 due to md2 deprecation). (Ilia, hanno at hboeck dot de) - Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long). (Ilia) - Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP authentication). (Jani) - Fixed bug #50823 (ReflectionFunction::isDeprecated producing "cannot be called statically" error). (Jani, Felipe) - Fixed bug #50791 (Compile failure: Bad logic in defining fopencookie emulation). (Jani) - Fixed bug #50787 (stream_set_write_buffer() has no effect on socket streams). (vnegrier at optilian dot com, Ilia) - Fixed bug #50772 (mysqli constructor without parameters does not return a working mysqli object). (Andrey) - Fixed bug #50761 (system.multiCall crashes in xmlrpc extension). (hiroaki dot kawai at gmail dot com, Ilia) - Fixed bug #50732 (exec() adds single byte twice to $output array). (Ilia) - Fixed bug #50728 (All PDOExceptions hardcode 'code' property to 0). (Joey, Ilia) - Fixed bug #50727 (Accessing mysqli->affected_rows on no connection causes segfault). (Andrey, Johannes) - Fixed bug #50680 (strtotime() does not support eighth ordinal number). (Ilia) - Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16). (Rob) - Fixed bug #50657 (copy() with an empty (zero-byte) HTTP source succeeds but returns false). (Ilia) - Fixed bug #50636 (MySQLi_Result sets values before calling constructor). (Pierrick) - Fixed bug #50632 (filter_input() does not return default value if the variable does not exist). (Ilia) - Fixed bug #50576 (XML_OPTION_SKIP_TAGSTART option has no effect). (Pierrick) - Fixed bug #50575 (PDO_PGSQL LOBs are not compatible with PostgreSQL 8.5). (Matteo) - Fixed bug #50558 (Broken object model when extending tidy). (Pierrick) - Fixed bug #50540 (Crash while running ldap_next_reference test cases). (Sriram) - Fixed bug #50508 (compile failure: Conflicting HEADER type declarations). (Jani) - Fixed bug #50394 (Reference argument converted to value in __call). (Stas) - Fixed bug #49851 (http wrapper breaks on 1024 char long headers). (Ilia) - Fixed bug #49600 (imageTTFText text shifted right). (Takeshi Abe) - Fixed bug #49585 (date_format buffer not long enough for >4 digit years). (Derick, Adam) - Fixed bug #49463 (setAttributeNS fails setting default namespace). (Rob) - Fixed bug #48667 (Implementing Iterator and IteratorAggregate). (Etienne) - Fixed bug #48590 (SoapClient does not honor max_redirects). (Sriram) - Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive in HTTP uploads). (Ilia) - Fixed bug #47601 (defined() requires class to exist when testing for class constants). (Ilia) - Fixed bug #47409 (extract() problem with array containing word "this"). (Ilia, chrisstocktonaz at gmail dot com) - Fixed bug #47002 (Field truncation when reading from dbase dbs with more then 1024 fields). (Ilia, sjoerd-php at linuxonly dot nl) - Fixed bug #45599 (strip_tags() truncates rest of string with invalid attribute). (Ilia, hradtke) - Fixed bug #44827 (define() allows :: in constant names). (Ilia) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.72 2010/02/05 12:15:47 obache Exp $ a5 3 SHA1 (php-5.2.13/suhosin-patch-5.2.12-0.9.7.patch.gz) = fb8719aabcf422298d1aaff0bb96fbfca61681ae RMD160 (php-5.2.13/suhosin-patch-5.2.12-0.9.7.patch.gz) = ffcefe05cbfb5ad4649cc9f25ccf4dadb4d3bb57 Size (php-5.2.13/suhosin-patch-5.2.12-0.9.7.patch.gz) = 23062 bytes d7 1 @ 1.72 log @Suhosin patch for php-5.2.12 is available now. Noticed by Volkmar Seifert via PR#42749. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.71 2009/12/23 07:07:34 taca Exp $ d3 6 a8 6 SHA1 (php-5.2.12/php-5.2.12.tar.bz2) = 6605f23b70e3db824047830f08d636e09ec10ff3 RMD160 (php-5.2.12/php-5.2.12.tar.bz2) = 027f3597fd961d2a95682e2f0738415f8a911371 Size (php-5.2.12/php-5.2.12.tar.bz2) = 9075161 bytes SHA1 (php-5.2.12/suhosin-patch-5.2.12-0.9.7.patch.gz) = fb8719aabcf422298d1aaff0bb96fbfca61681ae RMD160 (php-5.2.12/suhosin-patch-5.2.12-0.9.7.patch.gz) = ffcefe05cbfb5ad4649cc9f25ccf4dadb4d3bb57 Size (php-5.2.12/suhosin-patch-5.2.12-0.9.7.patch.gz) = 23062 bytes @ 1.71 log @Update lang/php5 to 5.2.12, security update. Security Enhancements and Fixes in PHP 5.2.12: * Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus) * Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus) * Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia) * Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas) * Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com) Key enhancements in PHP 5.2.12 include: * Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan) * Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre) * Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe) * Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe) * Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe) * Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia) * Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe) * Fixed bug #50006 (Segfault caused by uksort()). (Felipe) * Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe) * Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe) * Fixed bug #49098 (mysqli segfault on error). (Rasmus) * Over 50 other bug fixes. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.70 2009/11/30 06:14:08 taca Exp $ d6 3 a8 3 SHA1 (php-5.2.12/suhosin-patch-5.2.11-0.9.7.patch.gz) = 248419332131efc53f3306c2a57a4b1a9dc92cc1 RMD160 (php-5.2.12/suhosin-patch-5.2.11-0.9.7.patch.gz) = 0f6d442aace34c221f9fbff42a63e7f3b4489f15 Size (php-5.2.12/suhosin-patch-5.2.11-0.9.7.patch.gz) = 23050 bytes @ 1.71.2.1 log @Pullup ticket 2990 - requested by obache build fix for php5 with suhosin option Revisions pulled up: - pkgsrc/lang/php5/Makefile.php 1.38 - pkgsrc/lang/php5/distinfo 1.72 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: obache Date: Fri Feb 5 12:15:47 UTC 2010 Modified Files: pkgsrc/lang/php5: Makefile.php distinfo Log Message: Suhosin patch for php-5.2.12 is available now. Noticed by Volkmar Seifert via PR#42749. To generate a diff of this commit: cvs rdiff -u -r1.37 -r1.38 pkgsrc/lang/php5/Makefile.php cvs rdiff -u -r1.71 -r1.72 pkgsrc/lang/php5/distinfo @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.72 2010/02/05 12:15:47 obache Exp $ d6 3 a8 3 SHA1 (php-5.2.12/suhosin-patch-5.2.12-0.9.7.patch.gz) = fb8719aabcf422298d1aaff0bb96fbfca61681ae RMD160 (php-5.2.12/suhosin-patch-5.2.12-0.9.7.patch.gz) = ffcefe05cbfb5ad4649cc9f25ccf4dadb4d3bb57 Size (php-5.2.12/suhosin-patch-5.2.12-0.9.7.patch.gz) = 23062 bytes @ 1.71.2.2 log @Pullup ticket #3036 - requested by taca php5: security update php-bz2: security update php-zip: security update php-zlib: security update php-iconv: security update php-dba: security update php-dbase: security update php-dbx: security update php-ldap: security update php-mssql: security update php-mysql: security update php-odbc: security update php-pdo: security update php-pdo_dblib: security update php-pdo_mysql: security update php-pdo_pgsql: security update php-pdo_sqlite: security update php-pgsql: security update php-sqlite: security update php5-mysqli: security update php-gettext: security update php-gmp: security update php-memcache: security update php-pcntl: security update php-posix: security update php-shmop: security update php-sysvsem: security update php-sysvshm: security update php-exif: security update php-gd: security update php5-perl: security update php-imap: security update php-bcmath: security update php-calendar: security update php-mbstring: security update php-ming: security update php-ftp: security update php-snmp: security update php-sockets: security update php-xmlrpc: security update php-yaz: security update php5-soap: security update php-pdflib: security update php-mcrypt: security update php-mhash: security update php-suhosin: security update php-json: security update php-pspell: security update php-wddx: security update php5-dom: security update php5-xsl: security update php-apc: security update php-curl: security update php-eaccelerator: security update Revisions pulled up: - archivers/php-zlib/Makefile 1.14 - databases/php-dba/Makefile 1.12 - databases/php-ldap/Makefile 1.16 - databases/php-mssql/Makefile 1.12 - databases/php-pdo_dblib/Makefile 1.12 - databases/php-pdo_pgsql/Makefile 1.13 - databases/php-pgsql/Makefile 1.14 - graphics/php-exif/Makefile 1.8 - graphics/php-gd/Makefile 1.22 - lang/php5/Makefile 1.77-1.78 - lang/php5/Makefile.common 1.40 - lang/php5/Makefile.php 1.39-1.41 - lang/php5/distinfo 1.73,1.76 - mail/php-imap/Makefile 1.20 - net/php-ftp/Makefile 1.12 - print/php-pdflib/Makefile 1.13 - www/php-curl/Makefile 1.16 --- Module Name: pkgsrc Committed By: taca Date: Sat Feb 27 03:25:17 UTC 2010 Modified Files: pkgsrc/lang/php5: Makefile Makefile.common Makefile.php distinfo Log Message: Update php5 package to 5.2.13. 25 Feb 2010, PHP 5.2.13 - Updated timezone database to version 2010.2. (Derick) - Upgraded bundled PCRE to version 7.9. (Ilia) - Removed automatic file descriptor unlocking happening on shutdown and/or stream close (on all OSes excluding Windows). (Tony, Ilia) - Changed tidyNode class to disallow manual node creation. (Pierrick) - Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL. (Ilia) - Improved LCG entropy. (Rasmus, Samy Kamkar) - Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen) - Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak. (Ilia) - Fixed bug in bundled libgd causing spurious horizontal lines drawn by gdImageFilledPolygon (libgd #100). (Takeshi Abe) - Fixed build of mysqli with MySQL 5.5.0-m2. (Andrey) - Fixed bug #50940 Custom content-length set incorrectly in Apache sapis. (Brian France, Rasmus) - Fixed bug #50930 (Wrong date by php_date.c patch with ancient gcc/glibc versions). (Derick) - Fixed bug #50859 (build fails with openssl 1.0 due to md2 deprecation). (Ilia, hanno at hboeck dot de) - Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long). (Ilia) - Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP authentication). (Jani) - Fixed bug #50823 (ReflectionFunction::isDeprecated producing "cannot be called statically" error). (Jani, Felipe) - Fixed bug #50791 (Compile failure: Bad logic in defining fopencookie emulation). (Jani) - Fixed bug #50787 (stream_set_write_buffer() has no effect on socket streams). (vnegrier at optilian dot com, Ilia) - Fixed bug #50772 (mysqli constructor without parameters does not return a working mysqli object). (Andrey) - Fixed bug #50761 (system.multiCall crashes in xmlrpc extension). (hiroaki dot kawai at gmail dot com, Ilia) - Fixed bug #50732 (exec() adds single byte twice to $output array). (Ilia) - Fixed bug #50728 (All PDOExceptions hardcode 'code' property to 0). (Joey, Ilia) - Fixed bug #50727 (Accessing mysqli->affected_rows on no connection causes segfault). (Andrey, Johannes) - Fixed bug #50680 (strtotime() does not support eighth ordinal number). (Ilia) - Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16). (Rob) - Fixed bug #50657 (copy() with an empty (zero-byte) HTTP source succeeds but returns false). (Ilia) - Fixed bug #50636 (MySQLi_Result sets values before calling constructor). (Pierrick) - Fixed bug #50632 (filter_input() does not return default value if the variable does not exist). (Ilia) - Fixed bug #50576 (XML_OPTION_SKIP_TAGSTART option has no effect). (Pierrick) - Fixed bug #50575 (PDO_PGSQL LOBs are not compatible with PostgreSQL 8.5). (Matteo) - Fixed bug #50558 (Broken object model when extending tidy). (Pierrick) - Fixed bug #50540 (Crash while running ldap_next_reference test cases). (Sriram) - Fixed bug #50508 (compile failure: Conflicting HEADER type declarations). (Jani) - Fixed bug #50394 (Reference argument converted to value in __call). (Stas) - Fixed bug #49851 (http wrapper breaks on 1024 char long headers). (Ilia) - Fixed bug #49600 (imageTTFText text shifted right). (Takeshi Abe) - Fixed bug #49585 (date_format buffer not long enough for >4 digit years). (Derick, Adam) - Fixed bug #49463 (setAttributeNS fails setting default namespace). (Rob) - Fixed bug #48667 (Implementing Iterator and IteratorAggregate). (Etienne) - Fixed bug #48590 (SoapClient does not honor max_redirects). (Sriram) - Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive in HTTP uploads). (Ilia) - Fixed bug #47601 (defined() requires class to exist when testing for class constants). (Ilia) - Fixed bug #47409 (extract() problem with array containing word "this"). (Ilia, chrisstocktonaz at gmail dot com) - Fixed bug #47002 (Field truncation when reading from dbase dbs with more then 1024 fields). (Ilia, sjoerd-php at linuxonly dot nl) - Fixed bug #45599 (strip_tags() truncates rest of string with invalid attribute). (Ilia, hradtke) - Fixed bug #44827 (define() allows :: in constant names). (Ilia) --- Module Name: pkgsrc Committed By: taca Date: Sat Feb 27 03:35:12 UTC 2010 Modified Files: pkgsrc/archivers/php-zlib: Makefile pkgsrc/databases/php-dba: Makefile pkgsrc/databases/php-ldap: Makefile pkgsrc/databases/php-mssql: Makefile pkgsrc/databases/php-pdo_dblib: Makefile pkgsrc/databases/php-pdo_pgsql: Makefile pkgsrc/databases/php-pgsql: Makefile pkgsrc/graphics/php-exif: Makefile pkgsrc/graphics/php-gd: Makefile pkgsrc/mail/php-imap: Makefile pkgsrc/net/php-ftp: Makefile pkgsrc/print/php-pdflib: Makefile pkgsrc/www/php-curl: Makefile Log Message: Reset PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Wed Mar 3 10:51:35 UTC 2010 Modified Files: pkgsrc/lang/php5: Makefile.php Log Message: Re-enable suhosin option since there is no need to disable it. Noted by Volkmar Seifert and I misunderstood something. --- Module Name: pkgsrc Committed By: taca Date: Thu Mar 4 15:36:04 UTC 2010 Modified Files: pkgsrc/lang/php5: Makefile Makefile.php distinfo Log Message: Update suhosin patch for PHP 5.2.13. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ d3 6 a8 6 SHA1 (php-5.2.13/php-5.2.13.tar.bz2) = 7127a21f1b493e3cd43f45cadecdb46b623eb1fb RMD160 (php-5.2.13/php-5.2.13.tar.bz2) = 9e21d32a7b757d25ed827834b26235ea1eebfcc8 Size (php-5.2.13/php-5.2.13.tar.bz2) = 9084518 bytes SHA1 (php-5.2.13/suhosin-patch-5.2.13-0.9.7.patch.gz) = e2faf8db2d7facbd44cee2f737ce87732835d341 RMD160 (php-5.2.13/suhosin-patch-5.2.13-0.9.7.patch.gz) = 63a022a5bf0fb8c6688f4c0ebcfaa8a437ea6935 Size (php-5.2.13/suhosin-patch-5.2.13-0.9.7.patch.gz) = 22989 bytes @ 1.70 log @Add fixes for http://secunia.com/advisories/37412/ from PHP's repositry. 1. CVE-2009-3292 is already fixed in 5.2.11. 2. CVE-2009-3558 http://svn.php.net/viewvc?view=revision&revision=288934 3. CVE-2009-3557 http://svn.php.net/viewvc?view=revision&revision=288945 http://svn.php.net/viewvc?view=revision&revision=288971 4. CVE-2009-4017 http://svn.php.net/viewvc?view=revision&revision=289990 http://svn.php.net/viewvc?view=revision&revision=290820 http://svn.php.net/viewvc?view=revision&revision=290885 Other pkgsrc changes: * Don't hardcord /usr/pkg in php.ini-dist and php.ini-recommended. * Add comments to some of patch files. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.69 2009/10/22 14:49:06 taca Exp $ d3 6 a8 6 SHA1 (php-5.2.11/php-5.2.11.tar.bz2) = 819c853ce657ef260d4a73b5a21f961115b97eef RMD160 (php-5.2.11/php-5.2.11.tar.bz2) = 6aad53dee864ab89f794a9d3c2aa32d435ed5654 Size (php-5.2.11/php-5.2.11.tar.bz2) = 9030787 bytes SHA1 (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 248419332131efc53f3306c2a57a4b1a9dc92cc1 RMD160 (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 0f6d442aace34c221f9fbff42a63e7f3b4489f15 Size (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 23050 bytes d10 2 a11 2 SHA1 (patch-ag) = 901552355a3d57d9b8e23b31cd0edfd28db8b2bb SHA1 (patch-ah) = 7702da73f3a457ee381542b454d19b1f4b421e01 a18 6 SHA1 (patch-ay) = 7ae502db6574a91fcbb487d37c14a5de644b01b6 SHA1 (patch-az) = 04e69038e693cc72fb0f67ce04dd1778dacb1756 SHA1 (patch-ba) = d9483f61b19c297eced12ae3d84d5163e33327b4 SHA1 (patch-bb) = abbc8747e520d3665d3bcccf9c87741ecc6dc210 SHA1 (patch-bc) = 9cb2e7fcd6f91d3382a69d68a80d72fdb8fbf2a7 SHA1 (patch-bd) = 85c891ada42c062b365051b43a3b53c33fa39a92 @ 1.69 log @Add patch to check byte sequence more strictly in htmlspecialchars(). http://bugs.php.net/bug.php?id=49785 These are patch refrects r289411, r289554, r289565, r289567 and r289605 in PHP svn repositry. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.68 2009/10/22 14:37:47 taca Exp $ d10 2 a11 2 SHA1 (patch-ag) = 4ccb67ba6f5370b1d16b087e3e714de3e5ae604e SHA1 (patch-ah) = c7cbd4b9ea0796ea3b7491c2cffb6ddddc518587 d19 6 a24 2 SHA1 (patch-ay) = c2667dd398c1c58e55f459f2df02613dc028e9cc SHA1 (patch-az) = ebdd76b8a5e6cf853b467a67fc6c8948a91d822a @ 1.68 log @Add a patch from PHP's SVN repositry to fix gd library security problem. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546 Bump PKGREVISION of php-gd package. (This fix is for php5 only and I don't know about php4.) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.67 2009/09/26 07:35:31 taca Exp $ d20 1 @ 1.67 log @Update suhosin patch to 5.2.11, too. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.66 2009/09/26 05:40:05 taca Exp $ d19 1 @ 1.67.2.1 log @Pullup ticket #2918 - requested by taca: php-gd: security patch Revisions pulled up: - graphics/php-gd/Makefile 1.20 - lang/php5/distinfo 1.68 - lang/php5/patches/patch-ay 1.1 --- Module Name: pkgsrc Committed By: taca Date: Thu Oct 22 14:37:47 UTC 2009 Modified Files: pkgsrc/graphics/php-gd: Makefile pkgsrc/lang/php5: distinfo Added Files: pkgsrc/lang/php5/patches: patch-ay Log Message: Add a patch from PHP's SVN repositry to fix gd library security problem. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546> @ text @d1 1 a1 1 $NetBSD$ a18 1 SHA1 (patch-ay) = c2667dd398c1c58e55f459f2df02613dc028e9cc @ 1.67.2.2 log @Pullup ticket #2939 - requested by taca php5: security patch Revisions pulled up: - lang/php5/Makefile 1.73-1.74 - lang/php5/distinfo 1.69-1.70 - lang/php5/patches/patch-ag 1.3 - lang/php5/patches/patch-ah 1.2 - lang/php5/patches/patch-ay 1.2 - lang/php5/patches/patch-az 1.1-1.2 - lang/php5/patches/patch-ba 1.1 - lang/php5/patches/patch-bb 1.1 - lang/php5/patches/patch-bc 1.1 - lang/php5/patches/patch-bd 1.1 --- Module Name: pkgsrc Committed By: taca Date: Thu Oct 22 14:49:06 UTC 2009 Modified Files: pkgsrc/lang/php5: Makefile distinfo Added Files: pkgsrc/lang/php5/patches: patch-az Log Message: Add patch to check byte sequence more strictly in htmlspecialchars(). http://bugs.php.net/bug.php?id=49785 These are patch refrects r289411, r289554, r289565, r289567 and r289605 in PHP svn repositry. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Mon Nov 30 06:14:08 UTC 2009 Modified Files: pkgsrc/lang/php5: Makefile distinfo pkgsrc/lang/php5/patches: patch-ag patch-ah patch-ay patch-az Added Files: pkgsrc/lang/php5/patches: patch-ba patch-bb patch-bc patch-bd Log Message: Add fixes for http://secunia.com/advisories/37412/ from PHP's repositry. 1. CVE-2009-3292 is already fixed in 5.2.11. 2. CVE-2009-3558 http://svn.php.net/viewvc?view=revision&revision=288934 3. CVE-2009-3557 http://svn.php.net/viewvc?view=revision&revision=288945 http://svn.php.net/viewvc?view=revision&revision=288971 4. CVE-2009-4017 http://svn.php.net/viewvc?view=revision&revision=289990 http://svn.php.net/viewvc?view=revision&revision=290820 http://svn.php.net/viewvc?view=revision&revision=290885 Other pkgsrc changes: * Don't hardcord /usr/pkg in php.ini-dist and php.ini-recommended. * Add comments to some of patch files. Bump PKGREVISION. @ text @d10 2 a11 2 SHA1 (patch-ag) = 901552355a3d57d9b8e23b31cd0edfd28db8b2bb SHA1 (patch-ah) = 7702da73f3a457ee381542b454d19b1f4b421e01 d19 1 a19 6 SHA1 (patch-ay) = 7ae502db6574a91fcbb487d37c14a5de644b01b6 SHA1 (patch-az) = 04e69038e693cc72fb0f67ce04dd1778dacb1756 SHA1 (patch-ba) = d9483f61b19c297eced12ae3d84d5163e33327b4 SHA1 (patch-bb) = abbc8747e520d3665d3bcccf9c87741ecc6dc210 SHA1 (patch-bc) = 9cb2e7fcd6f91d3382a69d68a80d72fdb8fbf2a7 SHA1 (patch-bd) = 85c891ada42c062b365051b43a3b53c33fa39a92 @ 1.67.2.3 log @Pullup ticket 2955 - requested by taca security update Revisions pulled up: - pkgsrc/lang/php5/Makefile 1.75 - pkgsrc/lang/php5/Makefile.common 1.39 - pkgsrc/lang/php5/PLIST 1.25 - pkgsrc/lang/php5/distinfo 1.71 - pkgsrc/lang/php5/patches/patch-ag 1.4 - pkgsrc/lang/php5/patches/patch-ah 1.3 - pkgsrc/textproc/php5-xsl/Makefile 1.13 Files removed: pkgsrc/lang/php5/patches/patch-ay pkgsrc/lang/php5/patches/patch-az pkgsrc/lang/php5/patches/patch-ba pkgsrc/lang/php5/patches/patch-bb pkgsrc/lang/php5/patches/patch-bc pkgsrc/lang/php5/patches/patch-bd ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Wed Dec 23 07:07:35 UTC 2009 Modified Files: pkgsrc/lang/php5: Makefile Makefile.common PLIST distinfo pkgsrc/lang/php5/patches: patch-ag patch-ah Removed Files: pkgsrc/lang/php5/patches: patch-ay patch-az patch-ba patch-bb patch-bc patch-bd Log Message: Update lang/php5 to 5.2.12, security update. Security Enhancements and Fixes in PHP 5.2.12: * Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus) * Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus) * Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia) * Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas) * Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com) Key enhancements in PHP 5.2.12 include: * Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan) * Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre) * Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe) * Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe) * Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe) * Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia) * Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe) * Fixed bug #50006 (Segfault caused by uksort()). (Felipe) * Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe) * Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe) * Fixed bug #49098 (mysqli segfault on error). (Rasmus) * Over 50 other bug fixes. To generate a diff of this commit: cvs rdiff -u -r1.74 -r1.75 pkgsrc/lang/php5/Makefile cvs rdiff -u -r1.38 -r1.39 pkgsrc/lang/php5/Makefile.common cvs rdiff -u -r1.24 -r1.25 pkgsrc/lang/php5/PLIST cvs rdiff -u -r1.70 -r1.71 pkgsrc/lang/php5/distinfo cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/php5/patches/patch-ag cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/php5/patches/patch-ah cvs rdiff -u -r1.2 -r0 pkgsrc/lang/php5/patches/patch-ay \ pkgsrc/lang/php5/patches/patch-az cvs rdiff -u -r1.1 -r0 pkgsrc/lang/php5/patches/patch-ba \ pkgsrc/lang/php5/patches/patch-bb pkgsrc/lang/php5/patches/patch-bc \ pkgsrc/lang/php5/patches/patch-bd -------------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Wed Dec 23 07:08:31 UTC 2009 Modified Files: pkgsrc/textproc/php5-xsl: Makefile Log Message: Reset PKGREVISION by implicit update to 5.2.12. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 pkgsrc/textproc/php5-xsl/Makefile @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.71 2009/12/23 07:07:34 taca Exp $ d3 6 a8 6 SHA1 (php-5.2.12/php-5.2.12.tar.bz2) = 6605f23b70e3db824047830f08d636e09ec10ff3 RMD160 (php-5.2.12/php-5.2.12.tar.bz2) = 027f3597fd961d2a95682e2f0738415f8a911371 Size (php-5.2.12/php-5.2.12.tar.bz2) = 9075161 bytes SHA1 (php-5.2.12/suhosin-patch-5.2.11-0.9.7.patch.gz) = 248419332131efc53f3306c2a57a4b1a9dc92cc1 RMD160 (php-5.2.12/suhosin-patch-5.2.11-0.9.7.patch.gz) = 0f6d442aace34c221f9fbff42a63e7f3b4489f15 Size (php-5.2.12/suhosin-patch-5.2.11-0.9.7.patch.gz) = 23050 bytes d10 2 a11 2 SHA1 (patch-ag) = 5e3e822657925a77fbccaca63f283863a1cc6d94 SHA1 (patch-ah) = a25cb7fa3d1f5b9fb99493a4348fdba69d3d4728 d19 6 @ 1.66 log @Update lang/php5 to 5.2.11, fixing security problem of 5.2.10. One pkglint warning was fixed, too. PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| 17 Sep 2009, PHP 5.2.11 - Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia) 10 Sep 2009, PHP 5.2.11RC3 - Updated timezone database to version 2009.13 (2009m) (Derick) - Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters). (Ilia) - Fixed bug #49447 (php engine needs to correctly check for socket API return status on windows). (Sriram Natarajan) - Fixed bug #48060 (pdo_pgsql - large objects are returned as empty). (Matteo) 03 Sep 2009, PHP 5.2.11RC2 - Added missing sanity checks around exif processing. (Ilia) - Fixed sanity check for the color index in imagecolortransparent. (Pierre) - Fixed zlib.deflate compress filter to actually accept level parameter. (Jani) - Fixed leak on error in popen/exec (and related functions) on Windows. (Pierre) - Fixed bug #49361 (wordwrap() wraps incorrectly on end of line boundaries). (Ilia, code-it at mail dot ru) - Fixed bug #49289 (bcmath module doesn't compile with phpize configure). (Jani) - Fixed bug #49286 (php://input (php_stream_input_read) is broken). (Jani) - Fixed bug #49269 (Ternary operator fails on Iterator object when used inside foreach declaration). (Etienne, Dmitry) - Fixed bug #49236 (Missing PHP_SUBST(PDO_MYSQL_SHARED_LIBADD)). (Jani) - Fixed bug #49144 (Import of schema from different host transmits original authentication details). (Dmitry) - Fixed bug #49000 (PHP CLI in Interactive mode (php -a) crashes when including files from function). (Stas) - Fixed bug #48696 (ldap_read() segfaults with invalid parameters). (Felipe) - Fixed bug #47273 (Encoding bug in SoapServer->fault). (Dmitry) - Fixed bug #28038 (Sent incorrect RCPT TO commands to SMTP server) (Garrett) 13 Aug 2009, PHP 5.2.11RC1 - Fixed regression in cURL extension that prevented flush of data to output defined as a file handle. (Ilia) - Fixed memory leak in stream_is_local(). (Felipe, Tony) - Fixed bug #49372 (segfault in php_curl_option_curl). (Pierre) - Fixed bug #49132 (posix_times returns false without error). (phpbugs at gunnu dot us) - Fixed bug #49125 (Error in dba_exists C code). (jdornan at stanford dot edu) - Fixed bug #49095 (proc_get_status['exitcode'] fails on win32). (Felipe) - Fixed bug #49074 (private class static fields can be modified by using reflection). (Jani) - Fixed bug #49072 (feof never returns true for damaged file in zip). (Pierre) - Fixed bug #49052 (context option headers freed too early when using --with-curlwrappers). (Jani) - Fixed bug #49032 (SplFileObject::fscanf() variables passed by reference). (Jani) - Fixed bug #49026 (proc_open() can bypass safe_mode_protected_env_vars restrictions). (Ilia) - Fixed bug #48994 (zlib.output_compression does not output HTTP headers when set to a string value). (Jani) - Fixed bug #48980 (Crash when compiling with pdo_firebird). (Felipe) - Fixed bug #48962 (cURL does not upload files with specified filename). (Ilia) - Fixed bug #48929 (Double \r\n after HTTP headers when "header" context option is an array). (David Zülke) - Fixed bug #48913 (Too long error code strings in pdo_odbc driver). (naf at altlinux dot ru, Felipe) - Fixed bug #48802 (printf() returns incorrect outputted length). (Jani) - Fixed bug #48801 (Problem with imagettfbbox). (Takeshi Abe) - Fixed bug #48788 (RecursiveDirectoryIterator doesn't descend into symlinked directories). (Ilia) - Fixed bug #48774 (SIGSEGVs when using curl_copy_handle()). (Sriram Natarajan) - Fixed bug #48763 (ZipArchive produces corrupt archive). (dani dot church at gmail dot com, Pierre) - Fixed bug #48762 (IPv6 address filter still rejects valid address). (Felipe) - Fixed bug #48733 (CURLOPT_WRITEHEADER|CURLOPT_FILE|CURLOPT_STDERR warns on files that have been opened with r+). (Ilia) - Fixed bug #48732 (TTF Bounding box wrong for letters below baseline). (Takeshi Abe) - Fixed bug #48718 (FILTER_VALIDATE_EMAIL does not allow numbers in domain components). (Ilia) - Fixed bug #48709 (metaphone and 'wh'). (brettz9 at yahoo dot com, Felipe) - Fixed bug #48697 (mb_internal_encoding() value gets reset by parse_str()). (Moriyoshi) - Fixed bug #48693 (Double declaration of __lambda_func when lambda wrongly formatted). (peter at lvp-media dot com, Felipe) - Fixed bug #48661 (phpize is broken with non-bash shells). (Jani) - Fixed bug #48645 (mb_convert_encoding() doesn't understand hexadecimal html-entities). (Moriyoshi) - Fixed bug #48637 ("file" fopen wrapper is overwritten when using --with-curlwrappers). (Jani) - Fixed bug #48636 (Error compiling of ext/date on netware). (guenter at php.net, Ilia) - Fixed bug #48629 (get_defined_constants() ignores categorize parameter). (Felipe) - Fixed bug #48619 (imap_search ALL segfaults). (Pierre) - Fixed bug #48608 (Invalid libreadline version not detected during configure). (Jani) - Fixed bug #48555 (ImageFTBBox() differs from previous versions for texts with new lines) (Takeshi Abe) - Fixed bug #48539 (pdo_dblib fails to connect, throws empty PDOException "SQLSTATE[] (null)"). (Felipe) - Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using TMPDIR). (Ilia) - Fixed bug #48450 (Compile failure under IRIX 6.5.30 building gd.c). (Kalle) - Fixed bug #48400 (imap crashes when closing stream opened with OP_PROTOTYPE flag). (Jani) - Fixed bug #48284 (hash "adler32" byte order is reversed). (Scott) - Fixed bug #48276 (date("Y") on big endian machines produces the wrong result). (Scott) - Fixed bug #48247 (Infinite loop and possible crash during startup with errors when errors are logged). (Jani) - Fixed bug #48116 (Fixed build with Openssl 1.0). (Pierre, Al dot Smith at aeschi dot ch dot eu dot org) - Fixed bug #48182 (ssl handshake fails during asynchronous socket connection). (Sriram Natarajan) - Fixed bug #48057 (Only the date fields of the first row are fetched, others are empty). (info at programmiernutte dot net) - Fixed bug #47481 (natcasesort() does not sort extended ASCII characters correctly). (Herman Radtke) - Fixed bug #47351 (Memory leak in DateTime). (Derick, Tobias John) - Fixed bug #46020 (with Sun Java System Web Server 7.0 on HPUX, #define HPUX). (Uwe Schindler) - Fixed bug #45905 (imagefilledrectangle() clipping error). (markril at hotmail dot com, Pierre) - Fixed bug #45280 (Reflection of instantiated COM classes causes PHP to crash) (Paul Richards, Kalle) - Fixed bug #45141 (setcookie will output expires years of >4 digits). (Ilia) - Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre) - Fixed bug #44144 (spl_autoload_functions() should return object instance when appropriate). (Hannes, Etienne) - Fixed bug #43510 (stream_get_meta_data() does not return same mode as used in fopen). (Jani) - Fixed bug #42434 (ImageLine w/ antialias = 1px shorter). (wojjie at gmail dot com, Kalle) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.65 2009/08/11 14:41:23 taca Exp $ d6 3 @ 1.65 log @* Add a patch to fix build problem with OpenSSL 1.0.0 and later. The patch is provided by Sverre Froyen and I confirmed its contents. * Remove checksum for patch-ad which had been removed. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.64 2009/07/07 21:57:28 jdolecek Exp $ d3 3 a5 6 SHA1 (php-5.2.10/php-5.2.10.tar.bz2) = 9a287e2791d28928fb1ee1a1167290c5005feccd RMD160 (php-5.2.10/php-5.2.10.tar.bz2) = 9a9ec823eda9d6b3c085967e7a71f776071fc78f Size (php-5.2.10/php-5.2.10.tar.bz2) = 8808759 bytes SHA1 (php-5.2.10/suhosin-patch-5.2.10-0.9.7.patch.gz) = 3768bbded0bb2376414322b26308342452cb927a RMD160 (php-5.2.10/suhosin-patch-5.2.10-0.9.7.patch.gz) = 18df1686a48d652f581591115b51461e9dacf5a4 Size (php-5.2.10/suhosin-patch-5.2.10-0.9.7.patch.gz) = 23072 bytes a15 1 SHA1 (patch-ax) = faee56533644ef84c1e001e37d5d399259047d71 @ 1.64 log @Update lang/php5 to version 5.2.10 - according to the release annoucement: Security Enhancements and Fixes in PHP 5.2.10: * Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre) Key enhancements in PHP 5.2.10 include: * Added "ignore_errors" option to http fopen wrapper. (David Zulke, Sara) * Fixed memory corruptions while reading properties of zip files. (Ilia) * Fixed memory leak in ob_get_clean/ob_get_flush. (Christian) * Fixed segfault on invalid session.save_path. (Hannes) * Fixed leaks in imap when a mail_criteria is used. (Pierre) * Changed default value of array_unique()'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi) * Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt) * Fixed bug #47903 ("@@" operator does not work with string offsets). (Felipe) * Fixed bug #47644 (Valid integers are truncated with json_decode()). (Scott) * Fixed bug #47564 (unpacking unsigned long 32bit big endian returns wrong result). (Ilia) * Fixed bug #47365 (ip2long() may allow some invalid values on certain 64bit systems). * Over 100 bug fixes. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.63 2009/06/26 21:56:40 jdolecek Exp $ a9 1 SHA1 (patch-ad) = b324c33b1e70adee5b89dcecdd7690dcadcc18ec d19 1 @ 1.63 log @add checksum for new patch-as @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.62 2009/03/05 23:22:24 adrianp Exp $ d3 6 a8 6 SHA1 (php-5.2.9/php-5.2.9.tar.bz2) = 1c738dbd7e3f8d723b6ce2e0fbc90a69e249f5f0 RMD160 (php-5.2.9/php-5.2.9.tar.bz2) = fc2b316ff05462667704027cf2a1a4ac0a238422 Size (php-5.2.9/php-5.2.9.tar.bz2) = 10203122 bytes SHA1 (php-5.2.9/suhosin-patch-5.2.9-0.9.7.patch.gz) = 4197644330a4f182f4dd64beb9db29406ed300ca RMD160 (php-5.2.9/suhosin-patch-5.2.9-0.9.7.patch.gz) = 1d2e01a935c4bbc9e858796f8f6004b4f75950b3 Size (php-5.2.9/suhosin-patch-5.2.9-0.9.7.patch.gz) = 23026 bytes @ 1.63.2.1 log @Pullup ticket #2903 - requested by taca php5: security update Revisions pulled up: - lang/php5/Makefile.common 1.37 - lang/php5/Makefile.php 1.36-1.37 via patch - lang/php5/PLIST 1.24 - lang/php5/distinfo 1.66-1.67 via patch - lang/php5/patches/patch-ad delete --- Module Name: pkgsrc Committed By: taca Date: Sat Sep 26 05:40:05 UTC 2009 Modified Files: pkgsrc/lang/php5: Makefile.common Makefile.php PLIST distinfo Removed Files: pkgsrc/lang/php5/patches: patch-ax Log Message: Update lang/php5 to 5.2.11, fixing security problem of 5.2.10. One pkglint warning was fixed, too. PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| 17 Sep 2009, PHP 5.2.11 - Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia) 10 Sep 2009, PHP 5.2.11RC3 - Updated timezone database to version 2009.13 (2009m) (Derick) - Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters). (Ilia) - Fixed bug #49447 (php engine needs to correctly check for socket API return status on windows). (Sriram Natarajan) - Fixed bug #48060 (pdo_pgsql - large objects are returned as empty). (Matteo) 03 Sep 2009, PHP 5.2.11RC2 - Added missing sanity checks around exif processing. (Ilia) - Fixed sanity check for the color index in imagecolortransparent. (Pierre) - Fixed zlib.deflate compress filter to actually accept level parameter. (Jani) - Fixed leak on error in popen/exec (and related functions) on Windows. (Pierre) - Fixed bug #49361 (wordwrap() wraps incorrectly on end of line boundaries). (Ilia, code-it at mail dot ru) - Fixed bug #49289 (bcmath module doesn't compile with phpize configure). (Jani) - Fixed bug #49286 (php://input (php_stream_input_read) is broken). (Jani) - Fixed bug #49269 (Ternary operator fails on Iterator object when used inside foreach declaration). (Etienne, Dmitry) - Fixed bug #49236 (Missing PHP_SUBST(PDO_MYSQL_SHARED_LIBADD)). (Jani) - Fixed bug #49144 (Import of schema from different host transmits original authentication details). (Dmitry) - Fixed bug #49000 (PHP CLI in Interactive mode (php -a) crashes when including files from function). (Stas) - Fixed bug #48696 (ldap_read() segfaults with invalid parameters). (Felipe) - Fixed bug #47273 (Encoding bug in SoapServer->fault). (Dmitry) - Fixed bug #28038 (Sent incorrect RCPT TO commands to SMTP server) (Garrett) 13 Aug 2009, PHP 5.2.11RC1 - Fixed regression in cURL extension that prevented flush of data to output defined as a file handle. (Ilia) - Fixed memory leak in stream_is_local(). (Felipe, Tony) - Fixed bug #49372 (segfault in php_curl_option_curl). (Pierre) - Fixed bug #49132 (posix_times returns false without error). (phpbugs at gunnu dot us) - Fixed bug #49125 (Error in dba_exists C code). (jdornan at stanford dot edu) - Fixed bug #49095 (proc_get_status['exitcode'] fails on win32). (Felipe) - Fixed bug #49074 (private class static fields can be modified by using reflection). (Jani) - Fixed bug #49072 (feof never returns true for damaged file in zip). (Pierre) - Fixed bug #49052 (context option headers freed too early when using --with-curlwrappers). (Jani) - Fixed bug #49032 (SplFileObject::fscanf() variables passed by reference). (Jani) - Fixed bug #49026 (proc_open() can bypass safe_mode_protected_env_vars restrictions). (Ilia) - Fixed bug #48994 (zlib.output_compression does not output HTTP headers when set to a string value). (Jani) - Fixed bug #48980 (Crash when compiling with pdo_firebird). (Felipe) - Fixed bug #48962 (cURL does not upload files with specified filename). (Ilia) - Fixed bug #48929 (Double \r\n after HTTP headers when "header" context option is an array). (David Z762 (IPv6 address filter still rejects valid address). (Felipe) - Fixed bug #48733 (CURLOPT_WRITEHEADER|CURLOPT_FILE|CURLOPT_STDERR warns on files that have been opened with r+). (Ilia) - Fixed bug #48732 (TTF Bounding box wrong for letters below baseline). (Takeshi Abe) - Fixed bug #48718 (FILTER_VALIDATE_EMAIL does not allow numbers in domain components). (Ilia) - Fixed bug #48709 (metaphone and 'wh'). (brettz9 at yahoo dot com, Felipe) - Fixed bug #48697 (mb_internal_encoding() value gets reset by parse_str()). (Moriyoshi) - Fixed bug #48693 (Double declaration of __lambda_func when lambda wrongly formatted). (peter at lvp-media dot com, Felipe) - Fixed bug #48661 (phpize is broken with non-bash shells). (Jani) - Fixed bug #48645 (mb_convert_encoding() doesn't understand hexadecimal html-entities). (Moriyoshi) - Fixed bug #48637 ("file" fopen wrapper is overwritten when using --with-curlwrappers). (Jani) - Fixed bug #48636 (Error compiling of ext/date on netware). (guenter at php.net, Ilia) - Fixed bug #48629 (get_defined_constants() ignores categorize parameter). (Felipe) - Fixed bug #48619 (imap_search ALL segfaults). (Pierre) - Fixed bug #48608 (Invalid libreadline version not detected during configure). (Jani) - Fixed bug #48555 (ImageFTBBox() differs from previous versions for texts with new lines) (Takeshi Abe) - Fixed bug #48539 (pdo_dblib fails to connect, throws empty PDOException "SQLSTATE[] (null)"). (Felipe) - Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using TMPDIR). (Ilia) - Fixed bug #48450 (Compile failure under IRIX 6.5.30 building gd.c). (Kalle) - Fixed bug #48400 (imap crashes when closing stream opened with OP_PROTOTYPE flag). (Jani) - Fixed bug #48284 (hash "adler32" byte order is reversed). (Scott) - Fixed bug #48276 (date("Y") on big endian machines produces the wrong result). (Scott) - Fixed bug #48247 (Infinite loop and possible crash during startup with errors when errors are logged). (Jani) - Fixed bug #48116 (Fixed build with Openssl 1ImageLine w/ antialias = 1px shorter). (wojjie at gmail dot com, Kalle) --- Module Name: pkgsrc Committed By: taca Date: Sat Sep 26 07:35:31 UTC 2009 Modified Files: pkgsrc/lang/php5: Makefile.php distinfo Log Message: Update suhosin patch to 5.2.11, too. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.67 2009/09/26 07:35:31 taca Exp $ d3 6 a8 6 SHA1 (php-5.2.11/php-5.2.11.tar.bz2) = 819c853ce657ef260d4a73b5a21f961115b97eef RMD160 (php-5.2.11/php-5.2.11.tar.bz2) = 6aad53dee864ab89f794a9d3c2aa32d435ed5654 Size (php-5.2.11/php-5.2.11.tar.bz2) = 9030787 bytes SHA1 (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 248419332131efc53f3306c2a57a4b1a9dc92cc1 RMD160 (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 0f6d442aace34c221f9fbff42a63e7f3b4489f15 Size (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 23050 bytes d10 1 @ 1.62 log @Add back suhosin patch as a new one for 5.2.9 is out @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.61 2009/03/02 22:52:17 adrianp Exp $ d19 1 @ 1.61 log @The PHP development team would like to announce the immediate availability of PHP 5.2.9. This release focuses on improving the stability of the PHP 5.2.x branch with over 50 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.9: * Fixed security issue in imagerotate(), background colour isn't validated correctly with a non truecolour image. Reported by Hamid Ebadi, APA Laboratory (Fixes CVE-2008-5498). (Scott) * Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre) * Fixed explode() behavior with empty string to respect negative limit. (Shire) * Fixed a segfault when malformed string is passed to json_decode(). (Scott) Key enhancements in PHP 5.2.9 include: * Added optional sorting type flag parameter to array_unique(). Default is SORT_REGULAR. (Andrei) * Fixed bug #45996 (libxml2 2.7 causes breakage with character data in xml_parse()). (Rob) * A number of fixes in the mbstring extension (Moriyoshi) * Fixed bug #44336 (Improve pcre UTF-8 string matching performance). (frode at coretrek dot com, Nuno) * Fixed bug #46699 (xml_parse crash when parser is namespace aware). (Rob) * Fixed bug #46748 (Segfault when an SSL error has more than one error). (Scott) * Fixed bug #46889 (Memory leak in strtotime()). (Derick) * Fixed bug #47049 (SoapClient::__soapCall causes a segmentation fault). (Dmitry) * Fixed bug #47165 (Possible memory corruption when passing return value by reference). (Dmitry) * Fixed bug #47282 (FILTER_VALIDATE_EMAIL is marking valid email addresses as invalid). (Ilia) * Fixed bug #47422 (modulus operator returns incorrect results on 64 bit linux). (Matt) * Over 50 bug fixes. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.60 2009/02/25 08:59:47 sborrill Exp $ d6 3 @ 1.60 log @Fix memory leak and pullup bug fix for http://bugs.php.net/bug.php?id=46918 Remove this patch when PHP >= 5.2.9 is released as it will contain these changes Bump PKGREVISION of php-imap @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.59 2009/02/21 17:01:52 adrianp Exp $ d3 3 a5 6 SHA1 (php-5.2.8/php-5.2.8.tar.bz2) = d285636144e0a4aa61195793634807e763c63dc3 RMD160 (php-5.2.8/php-5.2.8.tar.bz2) = d38fe5d918c335089a027600a93d950f417a7e98 Size (php-5.2.8/php-5.2.8.tar.bz2) = 9827180 bytes SHA1 (php-5.2.8/suhosin-patch-5.2.8-0.9.6.3.patch.gz) = b1f12dd856778e734837819114d278adaa3cfe05 RMD160 (php-5.2.8/suhosin-patch-5.2.8-0.9.6.3.patch.gz) = 9c8a0972e75e1ad887b940f57aec4d877e9364bd Size (php-5.2.8/suhosin-patch-5.2.8-0.9.6.3.patch.gz) = 23125 bytes a15 1 SHA1 (patch-as) = 7612bf91fe04d980a41dbb0ea652fd50d3b5cebb @ 1.59 log @When building extensions make sure non-standard OpenSSL locations are also searched if an explicit path is not given. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.58 2009/02/17 23:18:55 adrianp Exp $ d19 1 @ 1.58 log @Add Suhosin patch support via options.mk - no change to default package. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.57 2009/02/07 18:03:00 adrianp Exp $ d18 1 @ 1.57 log @Get SSL support working on OpenSolaris. Unfortunately on OpenSolairs the OpenSSL install is split between /lib and /usr/include/openssl with plays havoc with the php ./configure as it assumes both have the same base directory (e.g. /usr). This patch uses a modified inbuilt check for OpenSSL instead of explicitly specifying a base using --with-openssl. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.56 2008/12/10 19:37:01 adrianp Exp $ d6 3 @ 1.56 log @Update to 5.2.8. Security Enhancements and Fixes in PHP 5.2.7: Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371) Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz. Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz. Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658). Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659). Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666. Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)).(Fixes CVE-2008-3660) Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829) Key enhancements in PHP 5.2.7 include: Fixed several memory leaks inside the readline and sqlite extensions A number of corrections relating to date parsing inside the date extension Fixed bugs relating to data retrieval in the PDO extension A series of crashes in various areas of code were resolved Several corrections were made to the strip_tags() function in terms of < and = 5.2.9 is released as it will contain these changes Bump PKGREVISION of php-imap @ text @d1 1 a1 1 $NetBSD$ a14 2 SHA1 (patch-ar) = 2d74ec926cc00bfbb67d16210af78c33ad9ac38d SHA1 (patch-as) = 7612bf91fe04d980a41dbb0ea652fd50d3b5cebb @ 1.56.2.2 log @Pullup ticket #2709 - requested by sborrill php-imap: bug fix Revisions pulled up: - lang/php5/distinfo 1.60 (via patch) - lang/php5/patches/patch-as 1.4 - mail/php-imap/Makefile 1.18 --- Module Name: pkgsrc Committed By: sborrill Date: Wed Feb 25 08:59:47 UTC 2009 Modified Files: pkgsrc/lang/php5: distinfo pkgsrc/mail/php-imap: Makefile Added Files: pkgsrc/lang/php5/patches: patch-as Log Message: Fix memory leak and pullup bug fix for http://bugs.php.net/bug.php?id=46918 Remove this patch when PHP >= 5.2.9 is released as it will contain these changes Bump PKGREVISION of php-imap @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.56.2.1 2009/02/26 13:43:59 tron Exp $ d15 1 @ 1.56.2.3 log @Pullup ticket #2721 - requested by adrianp php5: security update Revisions pulled up: - lang/php5/MESSAGE.suhosin 1.1 via patch - lang/php5/Makefile 1.71 via patch - lang/php5/Makefile.common 1.35 - lang/php5/Makefile.php 1.33-1.34 - lang/php5/PLIST 1.21 - lang/php5/distinfo 1.61-1.62 - lang/php5/patches/patch-an patch - lang/php5/patches/patch-ar patch - lang/php5/patches/patch-as delete --- Module Name: pkgsrc Committed By: adrianp Date: Mon Mar 2 22:52:17 UTC 2009 Modified Files: pkgsrc/lang/php5: Makefile Makefile.common Makefile.php PLIST distinfo Removed Files: pkgsrc/lang/php5/patches: patch-as Log Message: The PHP development team would like to announce the immediate availability of PHP 5.2.9. This release focuses on improving the stability of the PHP 5.2.x branch with over 50 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.9: * Fixed security issue in imagerotate(), background colour isn't validated correctly with a non truecolour image. Reported by Hamid Ebadi, APA Laboratory (Fixes CVE-2008-5498). (Scott) * Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre) * Fixed explode() behavior with empty string to respect negative limit. (Shire) * Fixed a segfault when malformed string is passed to json_decode(). (Scott) Key enhancements in PHP 5.2.9 include: * Added optional sorting type flag parameter to array_unique(). Default is SORT_REGULAR. (Andrei) * Fixed bug #45996 (libxml2 2.7 causes breakage with character data in xml_parse()). (Rob) * A number of fixes in the mbstring extension (Moriyoshi) * Fixed bug #44336 (Improve pcre UTF-8 string matching performance). (frode at coretrek dot com, Nuno) * Fixed bug #46699 (xml_parse crash when parser is namespace aware). (Rob) * Fixed bug #46748 (Segfault when an SSL error has more than one error). (Scott) * Fixed bug #46889 (Memory leak in strtotime()). (Derick) * Fixed bug #47049 (SoapClient::__soapCall causes a segmentation fault). (Dmitry) * Fixed bug #47165 (Possible memory corruption when passing return value by reference). (Dmitry) * Fixed bug #47282 (FILTER_VALIDATE_EMAIL is marking valid email addresses as invalid). (Ilia) * Fixed bug #47422 (modulus operator returns incorrect results on 64 bit linux). (Matt) * Over 50 bug fixes. --- Module Name: pkgsrc Committed By: adrianp Date: Thu Mar 5 23:22:24 UTC 2009 Modified Files: pkgsrc/lang/php5: Makefile.php distinfo Log Message: Add back suhosin patch as a new one for 5.2.9 is out @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.62 2009/03/05 23:22:24 adrianp Exp $ d3 3 a5 6 SHA1 (php-5.2.9/php-5.2.9.tar.bz2) = 1c738dbd7e3f8d723b6ce2e0fbc90a69e249f5f0 RMD160 (php-5.2.9/php-5.2.9.tar.bz2) = fc2b316ff05462667704027cf2a1a4ac0a238422 Size (php-5.2.9/php-5.2.9.tar.bz2) = 10203122 bytes SHA1 (php-5.2.9/suhosin-patch-5.2.9-0.9.7.patch.gz) = 4197644330a4f182f4dd64beb9db29406ed300ca RMD160 (php-5.2.9/suhosin-patch-5.2.9-0.9.7.patch.gz) = 1d2e01a935c4bbc9e858796f8f6004b4f75950b3 Size (php-5.2.9/suhosin-patch-5.2.9-0.9.7.patch.gz) = 23026 bytes d12 1 a12 1 SHA1 (patch-an) = 8f4174627b8cb5f8bfbc59413c95f71e26b9e602 d15 1 a15 1 SHA1 (patch-ar) = 2d74ec926cc00bfbb67d16210af78c33ad9ac38d @ 1.55 log @Revert to 5.2.6: http://www.php.net/archive/2008.php#id2008-12-07-1 Thanks to tron@@ for the heads up @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.53 2008/10/28 07:07:58 adam Exp $ d3 3 a5 3 SHA1 (php-5.2.6/php-5.2.6.tar.bz2) = 2a2b1afa657a7739a23784c869d57c3e0a7ad6b4 RMD160 (php-5.2.6/php-5.2.6.tar.bz2) = 27f730d4b1ceb1c42ff03618dbfa0dc87a00990b Size (php-5.2.6/php-5.2.6.tar.bz2) = 9571312 bytes a10 1 SHA1 (patch-ak) = e3c654de196dc4b693b2d95e3ee131fa147125bc @ 1.54 log @Update to 5.2.7. Security Enhancements and Fixes in PHP 5.2.7: Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371) Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz. Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz. Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658). Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659). Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666. Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)).(Fixes CVE-2008-3660) Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829) Key enhancements in PHP 5.2.7 include: Fixed several memory leaks inside the readline and sqlite extensions A number of corrections relating to date parsing inside the date extension Fixed bugs relating to data retrieval in the PDO extension A series of crashes in various areas of code were resolved Several corrections were made to the strip_tags() function in terms of < and ). (jdolecek) - Fixed bug #37346 (invalid colormap format) (Pierre) - Fixed bug #37360 (invalid gif size) (Pierre) - Fixed bug #37306 (max_execution_time = max_input_time). (Dmitry) - Fixed Bug #37278 (SOAP not respecting uri in __soapCall). (Dmitry) - Fixed bug #37265 (Added missing safe_mode & open_basedir checks to imap_body()). (Ilia) - Fixed bug #37256 (php-fastcgi dosen't handle connection abort). (Dmitry) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.26 2006/08/10 05:57:09 taca Exp $ d3 3 a5 3 SHA1 (php-5.1.5nb1/php-5.1.5.tar.bz2) = 2e8ba214677fa2002fe2f10c2b917d626a5fe5b0 RMD160 (php-5.1.5nb1/php-5.1.5.tar.bz2) = 0b72153f1bdfc4dd8654961c3441d3601753ff53 Size (php-5.1.5nb1/php-5.1.5.tar.bz2) = 6454521 bytes @ 1.26 log @Add security fix for Secunia Advisory SA21403 from PHP's CVS repository. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.25 2006/07/18 21:57:30 adrianp Exp $ d3 3 a5 3 SHA1 (php-5.1.4nb1/php-5.1.4.tar.bz2) = 83d4c5a4a3e8f3bcb0da841edd8d55893dbf5394 RMD160 (php-5.1.4nb1/php-5.1.4.tar.bz2) = d4ab11884a3a899f21eef777767a553cf81584ce Size (php-5.1.4nb1/php-5.1.4.tar.bz2) = 6356171 bytes d10 1 a10 3 SHA1 (patch-ao) = 60fec83647ca5924a38bf4d5e8abb51feba1620e SHA1 (patch-as) = 217c06efe5912570fab64f205d0b4faa07cda063 SHA1 (patch-at) = d1dd8decd0e5528e9166bd313bc382e3e138a82f a11 2 SHA1 (patch-av) = a6cfc9b508d6e6e8fe2523a1b8a2480b6c767014 SHA1 (patch-aw) = 5f075e62d57a77280e173a27bfeb096a4c4ceaa2 @ 1.25 log @Fix for CVE-2006-3011 Bump to nb2 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.24 2006/07/08 00:53:09 minskim Exp $ d15 1 @ 1.24 log @Change DIST_SUBDIR because the current distfile path was already used before for a different tarball. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.23 2006/05/23 22:55:22 jdolecek Exp $ d14 1 @ 1.23 log @add patch for WDDX non-ASCII serializer/deserializer problem, reported as PHP Bug 37569 and 37571 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.22 2006/05/17 06:20:00 reed Exp $ d3 3 a5 3 SHA1 (php-5.1.4/php-5.1.4.tar.bz2) = 83d4c5a4a3e8f3bcb0da841edd8d55893dbf5394 RMD160 (php-5.1.4/php-5.1.4.tar.bz2) = d4ab11884a3a899f21eef777767a553cf81584ce Size (php-5.1.4/php-5.1.4.tar.bz2) = 6356171 bytes @ 1.23.2.1 log @Pullup ticket 1751 - requested by adrianp security fix for php5 Revisions pulled up: - pkgsrc/lang/php5/Makefile 1.38 - pkgsrc/lang/php5/distinfo 1.25 - pkgsrc/lang/php5/patches/patch-av 1.1 Module Name: pkgsrc Committed By: adrianp Date: Tue Jul 18 21:57:30 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile distinfo Added Files: pkgsrc/lang/php5/patches: patch-av Log Message: Fix for CVE-2006-3011 Bump to nb2 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.25 2006/07/18 21:57:30 adrianp Exp $ a13 1 SHA1 (patch-av) = a6cfc9b508d6e6e8fe2523a1b8a2480b6c767014 @ 1.23.2.2 log @Pullup ticket 1786 - requested by taca security fix for php5 Revisions pulled up: - pkgsrc/lang/php5/Makefile 1.39 - pkgsrc/lang/php5/distinfo 1.26 - pkgsrc/lang/php5/patches/patch-aw 1.1 Module Name: pkgsrc Committed By: taca Date: Thu Aug 10 05:57:09 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile distinfo Added Files: pkgsrc/lang/php5/patches: patch-aw Log Message: Add security fix for Secunia Advisory SA21403 from PHP's CVS repository. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.26 2006/08/10 05:57:09 taca Exp $ a14 1 SHA1 (patch-aw) = 5f075e62d57a77280e173a27bfeb096a4c4ceaa2 @ 1.23.2.3 log @Pullup ticket 1796 (part 2) - requested by taca security update for php5 Revisions pulled up: - pkgsrc/lang/php5/Makefile 1.42 - pkgsrc/lang/php5/Makefile.common 1.19 - pkgsrc/lang/php5/distinfo 1.27 - pkgsrc/lang/php5/patches/patch-ao removed - pkgsrc/lang/php5/patches/patch-as 1.2 - pkgsrc/lang/php5/patches/patch-at removed - pkgsrc/lang/php5/patches/patch-av removed - pkgsrc/lang/php5/patches/patch-aw removed Module Name: pkgsrc Committed By: taca Date: Thu Aug 17 13:17:48 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile PLIST Log Message: Correct PLIST to fix a binary package: - remove an extra directory. - handle empty directories. --- Module Name: pkgsrc Committed By: taca Date: Sat Aug 19 14:47:44 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile PLIST Log Message: More fix of PLIST, now pkg_delete should always succeed. --- Module Name: pkgsrc Committed By: taca Date: Sat Aug 19 16:44:15 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile Makefile.common distinfo pkgsrc/lang/php5/patches: patch-as Removed Files: pkgsrc/lang/php5/patches: patch-ao patch-at patch-av patch-aw Log Message: Update php5 package to 5.1.5: 17 Aug 2006, PHP 5.1.5 - Fixed memory_limit on 64bit systems. (Stefan E.) - Fixed overflow on 64bit systems in str_repeat() and wordwrap(). (Stefan E.) - Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are enabled. (Stefan E., Ilia) - Fixed bug #38322 (reading past array in sscanf() leads to arbitrary code execution). (Tony) - Fixed bug #38125 (undefined reference to spl_dual_it_free_storage). (Marcus) - Fixed bug #38112 (corrupted gif segfaults) (Pierre) - Fixed bug #37587 (var without attribute causes segfault). (Marcus) - Fixed bug #37576 (FastCGI env (cgi vars) table overflow). (Piotr) - Fixed bug #37496 (FastCGI output buffer overrun). (Piotr, Dmitry) - Fixed bug #37487 (oci_fetch_array() array-type should always default to OCI_BOTH). (Tony) - Fixed bug #37416 (iterator_to_array() hides exceptions thrown in rewind() method). (Tony) - Fixed bug #37392 (Unnecessary call to OCITransRollback() at the end of request). (Tony) - Fixed bug #37341 ($_SERVER in included file is shortened to two entries, if $_ENV gets used). (Dmitry) - Fixed bug #37313 (sigemptyset() used without including ). (jdolecek) - Fixed bug #37346 (invalid colormap format) (Pierre) - Fixed bug #37360 (invalid gif size) (Pierre) - Fixed bug #37306 (max_execution_time = max_input_time). (Dmitry) - Fixed Bug #37278 (SOAP not respecting uri in __soapCall). (Dmitry) - Fixed bug #37265 (Added missing safe_mode & open_basedir checks to imap_body()). (Ilia) - Fixed bug #37256 (php-fastcgi dosen't handle connection abort). (Dmitry) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.28 2006/08/19 16:50:44 taca Exp $ d3 3 a5 3 SHA1 (php-5.1.5/php-5.1.5.tar.bz2) = 2e8ba214677fa2002fe2f10c2b917d626a5fe5b0 RMD160 (php-5.1.5/php-5.1.5.tar.bz2) = 0b72153f1bdfc4dd8654961c3441d3601753ff53 Size (php-5.1.5/php-5.1.5.tar.bz2) = 6454521 bytes d10 3 a12 1 SHA1 (patch-as) = 4fc74c8e8d0a7a152a7bbe1672ad0834021db16c d14 2 @ 1.22 log @Use PKGNAME_NOREV for DIST_SUBDIR (instead of just PKGNAME). As reported by Christopher W. Richardson on tech-pkg. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2006/05/16 19:54:02 adrianp Exp $ d13 1 @ 1.21 log @Tarball on php.net has changed to include the pear installation file Modify the package to not seperately fetch the pear file from php.net Problem found by Christopher W. Richardson on tech-pkg@@ Bump PKGREVISION @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.20 2006/05/07 09:41:56 jdolecek Exp $ d3 3 a5 3 SHA1 (php-5.1.4nb1/php-5.1.4.tar.bz2) = 83d4c5a4a3e8f3bcb0da841edd8d55893dbf5394 RMD160 (php-5.1.4nb1/php-5.1.4.tar.bz2) = d4ab11884a3a899f21eef777767a553cf81584ce Size (php-5.1.4nb1/php-5.1.4.tar.bz2) = 6356171 bytes @ 1.20 log @update distinfo (part of PR pkg/33432 fix) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.19 2006/05/06 22:42:44 jdolecek Exp $ d3 3 a5 5 SHA1 (php-5.1.4/php-5.1.4.tar.bz2) = 65c9cf8ddbcf023503c8bb618a95438f605b5098 RMD160 (php-5.1.4/php-5.1.4.tar.bz2) = 5468a7d544285438c78a8f68f1169dc22e4e8a2b Size (php-5.1.4/php-5.1.4.tar.bz2) = 5992825 bytes SHA1 (php-5.1.4/install-pear-nozlib.phar) = IGNORE RMD160 (php-5.1.4/install-pear-nozlib.phar) = IGNORE @ 1.19 log @Update lang/php5 to 5.1.4. Some of the key changes include: * Disallow certain characters in session names. * Fixed a buffer overflow inside the wordwrap() function. * Prevent jumps to parent directory via the 2nd parameter of the tempnam() function. * Enforce safe_mode for the source parameter of the copy() function. * Fixed cross-site scripting inside the phpinfo() function. * Fixed offset/length parameter validation inside the substr_compare() function. * Fixed a heap corruption inside the session extension. * Fixed a bug that would allow variable to survive unset(). * Fixed a number of crashes in the DOM, SOAP and PDO extensions. * Upgraded bundled PCRE library to version 6.6 * The use of the var keyword to declare properties no longer raises a deprecation E_STRICT. * FastCGI interface was completely reimplemented. * Multitude of improvements to the SPL, SimpleXML, GD, CURL and Reflection extensions. * Over 120 various bug fixes. See release annoucement on: http://www.php.net/release_5_1_3.php And ChangeLog: http://www.php.net/ChangeLog-5.php#5.1.3 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2006/04/22 10:54:53 jdolecek Exp $ d3 5 a7 3 SHA1 (php-5.1.4.tar.bz2) = 65c9cf8ddbcf023503c8bb618a95438f605b5098 RMD160 (php-5.1.4.tar.bz2) = 5468a7d544285438c78a8f68f1169dc22e4e8a2b Size (php-5.1.4.tar.bz2) = 5992825 bytes @ 1.18 log @do not require -I${PREFIX}/include/php/ext/date/lib when building extension using php_date.h problem reported upstream as PHP Bug 37163 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.17 2006/04/22 10:41:59 jdolecek Exp $ d3 3 a5 3 SHA1 (php-5.1.2.tar.bz2) = f6acc67c293345ad22065768f3049834cb8a912e RMD160 (php-5.1.2.tar.bz2) = 1e21b5ba280b7efc8197802c673bb5d4e9dc9f8e Size (php-5.1.2.tar.bz2) = 6319905 bytes a10 3 SHA1 (patch-ap) = 79bb4da2c98cc5dc43e66d1a7a940b34401b3811 SHA1 (patch-aq) = 3dede277476e99d927a5333d82ae9096b96e58f7 SHA1 (patch-ar) = 819b84c4dbb9973159d2c2fe11f77044f6b4d0b9 d12 1 a12 1 SHA1 (patch-at) = 1f700e2d91dd64538b1223b0ddad875c57b8f8af @ 1.17 log @patch-as as renamed to patch-at before commit, follow rename also here @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16 2006/04/22 10:27:05 jdolecek Exp $ d14 1 @ 1.16 log @add patch to actually compile the contents of PHP WDDX module; before it produced empty *.so and the module couldn't be actually used @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2006/04/14 13:47:29 cube Exp $ d14 1 a14 1 SHA1 (patch-as) = 1f700e2d91dd64538b1223b0ddad875c57b8f8af @ 1.15 log @PHP4/5 security changes... They're not critical issues; secunia classes them between "not critical" and "less critical". Fix CVE-2006-0996, CVE-2006-1494, CVE-2006-1608, CVE-2006-1490. See: http://secunia.com/advisories/19383/ http://secunia.com/advisories/19599/ Patches were extracted from CVS. I had to translate the one for CVE-2006-1608 on php4 because it has not made its way to the php4.4 branch (I don't know why; I can confirm it fixes the issue). While here, add PATCHDIR to the list of variables php5's Makefile.php defines. That way, ap-php gets patched too... @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.14 2006/02/06 06:39:59 martti Exp $ d14 1 @ 1.14 log @Updated lang/php5 to 5.1.2 * HTTP Response Splitting has been addressed in ext/session and in the header() function. * Fixed format string vulnerability in ext/mysqli. * Fixed possible cross-site scripting problems in certain error conditions. * Hash & XMLWriter extensions added and enabled by default. * Upgraded OCI8 extension. * Over 85 various bug fixes. (I haven't heard anything from the MAINTAINER but since this works fine on my servers and as this fixes security issues I checked in this) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2005/12/06 08:32:22 jdolecek Exp $ d11 3 @ 1.14.2.1 log @Pullup ticket 1406 - requested by cube security fixes for php Revisions pulled up: - pkgsrc/lang/php5/Makefile 1.29 - pkgsrc/lang/php5/Makefile.php 1.18 - pkgsrc/lang/php5/distinfo 1.15 - pkgsrc/lang/php5/patches/patch-ap 1.1 - pkgsrc/lang/php5/patches/patch-aq 1.1 - pkgsrc/lang/php5/patches/patch-ar 1.1 - pkgsrc/www/php4/Makefile 1.63 - pkgsrc/www/php4/distinfo 1.52 - pkgsrc/www/php4/patches/patch-aq 1.1 - pkgsrc/www/php4/patches/patch-ar 1.1 - pkgsrc/www/php4/patches/patch-as 1.1 - pkgsrc/www/ap-php/Makefile 1.9 Module Name: pkgsrc Committed By: cube Date: Fri Apr 14 13:47:30 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile Makefile.php distinfo pkgsrc/www/ap-php: Makefile pkgsrc/www/php4: Makefile distinfo Log Message: PHP4/5 security changes... They're not critical issues; secunia classes them between "not critical" and "less critical". Fix CVE-2006-0996, CVE-2006-1494, CVE-2006-1608, CVE-2006-1490. See: http://secunia.com/advisories/19383/ http://secunia.com/advisories/19599/ Patches were extracted from CVS. I had to translate the one for CVE-2006-1608 on php4 because it has not made its way to the php4.4 branch (I don't know why; I can confirm it fixes the issue). While here, add PATCHDIR to the list of variables php5's Makefile.php defines. That way, ap-php gets patched too... --- Module Name: pkgsrc Committed By: cube Date: Fri Apr 14 13:48:33 UTC 2006 Added Files: pkgsrc/lang/php5/patches: patch-ap patch-aq patch-ar pkgsrc/www/php4/patches: patch-aq patch-ar patch-as Log Message: The actual patches for PHP4/5. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2006/04/14 13:47:29 cube Exp $ a10 3 SHA1 (patch-ap) = 79bb4da2c98cc5dc43e66d1a7a940b34401b3811 SHA1 (patch-aq) = 3dede277476e99d927a5333d82ae9096b96e58f7 SHA1 (patch-ar) = 819b84c4dbb9973159d2c2fe11f77044f6b4d0b9 @ 1.13 log @patch php.ini-dist and php.ini-recommended to comment out extension_dir and to uncomment and explicitly set upload_tmp_dir, so that this works out of box (patches adapted from www/php4) pointed out by Martti Kuparinen on tech-pkg@@ @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2005/12/04 12:02:08 jdolecek Exp $ d3 4 a6 4 SHA1 (php-5.1.1.tar.bz2) = 38c59909091c788cab21abb7562f90901da797b9 RMD160 (php-5.1.1.tar.bz2) = 7578bca79f48b83176c1dfe4c71165de88453744 Size (php-5.1.1.tar.bz2) = 6149470 bytes SHA1 (patch-ag) = 1ded1d7f4daac6806f41864c783f16d3403315e4 d8 3 a10 3 SHA1 (patch-aj) = cc68ce876dc5998becbe2f1f74288b5da5bbaca3 SHA1 (patch-ak) = 0faa523103e0a9a3c01c78c2fe9a64c0a9b2fc43 SHA1 (patch-ao) = bbd5aba2e45bb236eafac351f382633ef76b51f0 @ 1.13.2.1 log @Pullup ticket 1136 - requested by Martti Kuparinen security update for php5 Revisions pulled up: - pkgsrc/lang/php5/Makefile 1.24, 1.25, 1.27 - pkgsrc/lang/php5/Makefile.common 1.14, 1.15 - pkgsrc/lang/php5/PLIST 1.9, 1.10 - pkgsrc/lang/php5/buildlink3.mk 1.10 - pkgsrc/lang/php5/distinfo 1.14 - pkgsrc/lang/php5/patches/patch-ag 1.2 - pkgsrc/lang/php5/patches/patch-ak 1.2 - pkgsrc/lang/php5/patches/patch-aj 1.3 - pkgsrc/lang/php5/patches/patch-ao 1.3 Module Name: pkgsrc Committed By: reed Date: Wed Jan 4 17:44:24 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile Log Message: Use PKGMANDIR instead of "man". --- Module Name: pkgsrc Committed By: rillig Date: Thu Feb 2 20:31:17 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile PLIST Log Message: Added two missing files to the PLIST. Bumped PKGREVISION. --- Module Name: pkgsrc Committed By: martti Date: Mon Feb 6 06:39:59 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile Makefile.common PLIST buildlink3.mk distinfo pkgsrc/lang/php5/patches: patch-ag patch-aj patch-ak patch-ao Log Message: Updated lang/php5 to 5.1.2 * HTTP Response Splitting has been addressed in ext/session and in the header() function. * Fixed format string vulnerability in ext/mysqli. * Fixed possible cross-site scripting problems in certain error conditions. * Hash & XMLWriter extensions added and enabled by default. * Upgraded OCI8 extension. * Over 85 various bug fixes. (I haven't heard anything from the MAINTAINER but since this works fine on my servers and as this fixes security issues I checked in this) --- Module Name: pkgsrc Committed By: jdolecek Date: Mon Feb 6 20:12:55 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile.common Log Message: add fix to build php-xmlrpc and php5-dom successfully with 5.1.2 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.14 2006/02/06 06:39:59 martti Exp $ d3 4 a6 4 SHA1 (php-5.1.2.tar.bz2) = f6acc67c293345ad22065768f3049834cb8a912e RMD160 (php-5.1.2.tar.bz2) = 1e21b5ba280b7efc8197802c673bb5d4e9dc9f8e Size (php-5.1.2.tar.bz2) = 6319905 bytes SHA1 (patch-ag) = 4ccb67ba6f5370b1d16b087e3e714de3e5ae604e d8 3 a10 3 SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc SHA1 (patch-ak) = 2d5264d33ebef631d4a2d0cdf8a2ed365bdbeb7e SHA1 (patch-ao) = 60fec83647ca5924a38bf4d5e8abb51feba1620e @ 1.12 log @regen patch-ao with less context lines to avoid $Id$ in the original file (using pkgdiff now) PR: 32233 by Peter Avalos @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2005/12/03 18:53:57 jdolecek Exp $ d6 2 @ 1.11 log @Update PHP5 to version 5.1.1. Some of the key features include: * A complete rewrite of date handling code, with improved timezone support. * Significant performance improvements compared to PHP 5.0.X. * PDO extension is now enabled by default (separate pkg for pkgsrc) * Over 30 new functions in various extensions and built-in functionality. * Bundled libraries, PCRE and SQLite upgraded to latest versions. * Over 400 various bug fixes. * PEAR upgraded to version 1.4.5 This release also fixes various security problems discovered in 5.0.X. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2005/10/16 12:17:47 jdolecek Exp $ d8 1 a8 1 SHA1 (patch-ao) = 66de18a3a64f5d65402ab455a097c0635bb03324 @ 1.10 log @Fix bug in mbstring extension function mb_encode_mimeheader(), which misinterpreted some Japanese characters as ASCII. PR: 31223 by Takahiro Kambe @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2005/10/07 21:09:28 jdolecek Exp $ d3 3 a5 3 SHA1 (php-5.0.5.tar.bz2) = ffcc050f879265eb96f2c8dc79fa895047da9d4a RMD160 (php-5.0.5.tar.bz2) = 6a9a892affba229770154407860cd1c2a098eaf9 Size (php-5.0.5.tar.bz2) = 4895556 bytes d8 1 a8 3 SHA1 (patch-al) = 28ad9006b387e2b9984ad49beea21c9d46e63b46 SHA1 (patch-am) = 0de0be745262c1e986062c7a50261dbe58f97ac9 SHA1 (patch-an) = dfe696f416ab5deffd38150441a65246a4816cf4 @ 1.9 log @Add a fix to LDAP extension build to properly detect LDAP capabilities, such as TLS support. Patch provided by Stoned Elipot in private e-mail. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2005/09/08 18:49:01 jdolecek Exp $ d10 1 @ 1.8 log @Update php5 to version 5.0.5. This is maintenance release, aimed at bug fixes only with only few and minor new features. Full changelog available at: http://mirrors.inway.cz/ChangeLog-5.php#5.0.5 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2005/09/03 13:37:36 adrianp Exp $ d9 1 @ 1.7 log @Update php5 to 5.0.4nb1 to address XML_RPC security issue(s) Fix based on work done by tron@@ for the PHP 4.x branch fix PLIST fixup to correctly remove @@PREFIX@@/lib/php @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2005/04/11 20:16:02 jdolecek Exp $ d3 3 a5 6 SHA1 (php-5.0.4.tar.bz2) = 37780b89acbc492e0e5c0ace956d1dc1e93bf779 RMD160 (php-5.0.4.tar.bz2) = c0e0126637527d2e7352b123e102a4231349784e Size (php-5.0.4.tar.bz2) = 4731383 bytes SHA1 (XML_RPC-1.4.0.tgz) = 461f0b70675a37f524043d19078e9c0502dd13ac RMD160 (XML_RPC-1.4.0.tgz) = 8647565c7fa973ac800683d91c32d781fce9437c Size (XML_RPC-1.4.0.tgz) = 26776 bytes @ 1.6 log @Update php5 to 5.0.4. This is maintenance/bugfix release, full list of changes available at: http://www.php.net/ChangeLog-5.php#5.0.4 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2005/02/24 09:03:10 agc Exp $ d6 3 @ 1.6.2.1 log @Pullup ticket 736 - requested by Adrian Portelli security fix for php5 Revisions pulled up: - pkgsrc/lang/php5/Makefile 1.14 - pkgsrc/lang/php5/PLIST 1.6 - pkgsrc/lang/php5/buildlink3.mk 1.5 - pkgsrc/lang/php5/distinfo 1.7 Module Name: pkgsrc Committed By: adrianp Date: Sat Sep 3 13:37:36 UTC 2005 Modified Files: pkgsrc/lang/php5: Makefile PLIST distinfo Log Message: Update php5 to 5.0.4nb1 to address XML_RPC security issue(s) Fix based on work done by tron@@ for the PHP 4.x branch fix PLIST fixup to correctly remove @@PREFIX@@/lib/php --- Module Name: pkgsrc Committed By: adrianp Date: Sat Sep 3 14:41:05 UTC 2005 Modified Files: pkgsrc/lang/php5: buildlink3.mk Log Message: Bump BUILDLINK_RECOMMENDED to nb1 for recent security issue and fix typo Fix suggested by salo@@. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2005/09/03 13:37:36 adrianp Exp $ a5 3 SHA1 (XML_RPC-1.4.0.tgz) = 461f0b70675a37f524043d19078e9c0502dd13ac RMD160 (XML_RPC-1.4.0.tgz) = 8647565c7fa973ac800683d91c32d781fce9437c Size (XML_RPC-1.4.0.tgz) = 26776 bytes @ 1.5 log @Add RMD160 digests @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2004/12/17 07:53:06 jdolecek Exp $ d3 4 a6 4 SHA1 (php-5.0.3.tar.bz2) = b717020a329a4e3b4714d5a290b9cb9f3dfda7d3 RMD160 (php-5.0.3.tar.bz2) = fef65f7fe2c29c2a77b8fbcf235bdc1da6fa1da5 Size (php-5.0.3.tar.bz2) = 4607759 bytes SHA1 (patch-aj) = 88e456015f4d8e92ea57019df39195905b3f6c28 @ 1.4 log @Update php5 to 5.0.3. This maintenance release addressing several very serious security issues, as well as bunch of non-critical bug fixes. All PHP5 users are strongly encouraged to upgrade to this version. Detailed change list at: http://www.php.net/ChangeLog-5.php#5.0.3 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2004/12/12 11:03:33 jdolecek Exp $ d4 1 @ 1.3 log @completely ignore system php.ini for all pear-related operations; this is necessary to avoid being subject to e.g. open_basedir or safe_mode settings @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2004/10/31 21:14:54 jdolecek Exp $ d3 2 a4 2 SHA1 (php-5.0.2.tar.bz2) = 85e4635ce764199d60329a578421159f338be082 Size (php-5.0.2.tar.bz2) = 4577974 bytes @ 1.2 log @add patches necessary to build php-imap with PHP5 @ text @d1 1 a1 1 $NetBSD$ d7 1 @ 1.1 log @Initial revision @ text @d5 2 @ 1.1.1.1 log @Import PHP 5.0.2, based on the pkgsrc-wip PHP5 package. Some of the key features of PHP 5 include: * The Zend Engine II with a new object model and dozens of new features. * XML support has been completely redone in PHP 5, all extensions are now focused around the excellent libxml2 library (http://www.xmlsoft.org/). * A new SimpleXML extension for easily accessing and manipulating XML as PHP objects. It can also interface with the DOM extension and vice-versa. * A brand new built-in SOAP extension for interoperability with Web Services. * A new MySQL extension named MySQLi for developers using MySQL 4.1 and later. This new extension includes an object-oriented interface in addition to a traditional interface; as well as support for many of MySQL's new features, such as prepared statements. * SQLite has been bundled with PHP. For more information on SQLite, please visit their website. * Streams have been greatly improved, including the ability to access low-level socket operations on streams. @ text @@